mirror of
https://github.com/zulip/zulip.git
synced 2025-11-02 21:13:36 +00:00
Previously, test cases or clients accessing /json/ views using HTTP Basic Auth would be accepted, while we intended to only allow clients authenticated with a session cookie to access these views. This adds a check on the accessed path to avoid this possibility.

It seems unlikely that any API clients were taking advantage of this unintended quirk; so we're not going to bother documenting this bug fix as an API change. In any case, it should be trivial for anyone affected to consult the documentation and then switch their /json/foo URL to a correct /api/v1/foo URL.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
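A simplified model of the path check the commit message describes, as an added example; this is not Zulip's code. The `Request` class, the `authenticate` function, its `check_path` switch, the `sessionid` cookie name and all credentials are assumptions constructed for the illustration.

```python
import base64
import hmac
from dataclasses import dataclass, field

# Constructed credentials and session store, for this example only.
API_KEYS = {"bot@example.com": "constructed-api-key"}
SESSIONS = {"constructed-session-id": "user@example.com"}

@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)

def session_user(req):
    """User bound to the session cookie, or None."""
    return SESSIONS.get(req.cookies.get("sessionid", ""))

def basic_auth_user(req):
    """User named by a valid Authorization: Basic header, or None."""
    scheme, _, blob = req.headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, key = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    expected = API_KEYS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), key.encode()):
        return None
    return user

def authenticate(req, check_path=True):
    """Return (status, user); check_path=False models the pre-fix behaviour."""
    if req.path.startswith("/json/"):
        user = session_user(req)
        if user is None and not check_path:
            user = basic_auth_user(req)  # the unintended quirk: Basic Auth on /json/
    elif req.path.startswith("/api/v1/"):
        user = basic_auth_user(req)
    else:
        return 404, None
    return (200, user) if user else (401, None)

def basic_header(user, key):
    """Build an Authorization header for the constructed test requests."""
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{key}".encode()).decode()}
```

With the path check enabled, the same Basic Auth header that succeeds on /api/v1/ is rejected on /json/, and a session cookie remains the only way into the /json/ views.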