Project

General

Profile

Actions

Defect #26296

open

GET /attachments/download/:id/:filename should deny access

Added by Jess Nielsen over 7 years ago. Updated over 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Attachments
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

GET /attachments/download/703/android_demo.zip HTTP/1.1
Host: redmine.company.org
Cache-Control: no-cache
X-Redmine-API-Key: INVALID

Returns HTTP Code 200 along with the login page.

It must return HTTP Code 401.
It is an API where login page does not have a relevance.

Redmine version: 3.1.0.stable

Actions

Also available in: Atom PDF