dkan icon indicating copy to clipboard operation
dkan copied to clipboard

Published 20 hours ago verified publisher icon GetDKAN

Spike: API calls to public endpoints fails with Authorization header

Open rhabbachi opened this issue 4 years ago • 0 comments

Describe the bug

Calling a public DKAN endpoint with the Authorization header returns 403 Forbidden. It does not matter if the Authorization is correct or not.

Steps To Reproduce

  1. Have a target site with DKAN installed.
  2. Call a public endpoint (for example /api/1/metastore/schemas/dataset)
$ curl --location --request GET "$(dktl url)/api/1/metastore/schemas/dataset" \
--header 'Accept: application/json' \
--header 'Authorization: Basic c3VzYW5hLnNpbWFuOnN1c2FuYS5zaW1hbg=='

Expected behavior

Calling public APIs should not fail when any form of authorization is used.

rhabbachi avatar Feb 09 '21 16:02 rhabbachi