crowetic/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Pull Requests Activity

Removed unnecessary check for isApiRestricted() when previewing.

Browse Source 
The API key authentication will be enough to restrict requests.
This commit is contained in:
CalDescent 2021-11-19 13:08:56 +00:00
parent 83e0ed2b5d
commit 824d14e793
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/qortal/api/resource/RenderResource.java
View File

@ -70,12 +70,6 @@ public class RenderResource {
@SecurityRequirement(name = "apiKey") @SecurityRequirement(name = "apiKey")
public String preview(String directoryPath) { public String preview(String directoryPath) {
Security.checkApiCallAllowed(request); Security.checkApiCallAllowed(request);
// It's too dangerous to allow user-supplied filenames in weaker security contexts
if (Settings.getInstance().isApiRestricted()) {
throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
}
String name = null; String name = null;
Method method = Method.PUT; Method method = Method.PUT;
Compression compression = Compression.ZIP; Compression compression = Compression.ZIP;