mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 09:17:43 +03:00
b1c6e87803
The claims check in the auth middleware was switched around: in effect, it checked that we did not receive _more_ than we asked for, rather than checking we receive _at least_ what we asked for. Of course this would still not let anyone run any trigger without the proper access token, but it would let people list running triggers and request (or stop) trigger executions. CHANGELOG_BEGIN - Fix a bug in the auth middleware where insufficient credentials could still give access to list of running triggers. CHANGELOG_END |
||
---|---|---|
.. | ||
release | ||
src | ||
BUILD.bazel |