Stacy Rendall created an issue |
OGC API - Tiles + Authkey - can see Vector Tiles with no key or invalid key |
Issue Type: |
Bug |
---|---|
Affects Versions: |
2.23.1 |
Assignee: |
Unassigned |
Components: |
Vector Tiles |
Created: |
16/Jun/23 6:33 AM |
Environment: |
Using Docker version of Geoserver, which is 2.23-SNAPSHOT, and extensions/community modules are 2.23-SNAPSHOT from 11th June build |
Priority: |
High |
Reporter: |
{z}/{y}/{x}?f=application/vnd.mapbox-vector-tile&authkey=f04cc884-0733-42f7-bd37-c8ed3fa6f148|http://localhost:8080/geoserver/ogc/tiles/v1/collections/workspace:dataset/tiles/EPSG:900913/EPSG:900913:{z} / {y}/{x}?f=application/vnd.mapbox-vector-tile&authkey=f04cc884-0733-42f7-bd37-c8ed3fa6f148] Works correctly, where the provided valid key maps to a role/group/user that is allowed to see the data. However the following also allow the data to be seen (in my testing sometimes just at certain zoom levels, other times at all zoom levels): / {x}?f=application/vnd.mapbox-vector-tile&authkey=notvalid|http://localhost:8080/geoserver/ogc/tiles/v1/collections/workspace:dataset/tiles/EPSG:900913/EPSG:900913:{z}/{y}/{x}?f=application/vnd.mapbox-vector-tile&authkey=notvalid] ?f=application/vnd.mapbox-vector-tile|http://localhost:8080/geoserver/ogc/tiles/v1/collections/workspace:dataset/tiles/EPSG:900913/EPSG:900913:{z}/{y}/{x}?f=application/vnd.mapbox-vector-tile] For comparison the following endpoints will correctly limit access, returning nothing for missing or invalid authkey:
|
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100226-sha1:d46780b) |