Details
Bug
Resolution: Fixed
Blocker
2.4.0-rc1
None
Description
https://github.com/ezsystems/ezplatform-admin-ui/pull/691 added a request listener that matches on the request path info to determine whether the request is an eZ Platform REST API request.
The regex used is too broad and also matches routes that have nothing to do with the eZ Platform REST API, for example:
https://example.com/netgen/api/some/path
https://example.com/admin/netgen/api/some/path
https://example.com/cro/netgen/api/some/path
Two issues exist with the pattern:
1) It doesn't start with a slash, so it matches any part of the path info
2) It doesn't validate that the part before `/api/` is a valid siteaccess
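
The two issues above, shown as an added PHP example (not the listener's actual code). `LOOSE_PATTERN` is a constructed stand-in for an unanchored pattern, and the siteaccess names `admin` and `cro` and the `/api/ezp/v2/...` paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the overly broad check: no start anchor and no
// validation of what precedes "/api/". Not the regex from the pull request.
const LOOSE_PATTERN = '#/api/[^/]+#';

function isRestRequestLoose(string $pathInfo): bool
{
    return preg_match(LOOSE_PATTERN, $pathInfo) === 1;
}

// Stricter check: anchored at the start of the path info, and the only thing
// allowed before "/api/" is one segment taken from the configured siteaccess list.
function isRestRequestStrict(string $pathInfo, array $siteAccesses): bool
{
    $prefix = '';
    if ($siteAccesses !== []) {
        // preg_quote() keeps siteaccess names from being read as regex syntax.
        $quoted = array_map(
            static function (string $name): string {
                return preg_quote($name, '#');
            },
            $siteAccesses
        );
        $prefix = '(?:/(?:' . implode('|', $quoted) . '))?';
    }

    return preg_match('#^' . $prefix . '/api/[^/]+#', $pathInfo) === 1;
}

// Constructed sample input: the three paths from the report plus two paths
// assumed to be genuine REST requests (bare and siteaccess-prefixed).
$siteAccesses = ['admin', 'cro'];
$paths = [
    '/netgen/api/some/path',
    '/admin/netgen/api/some/path',
    '/cro/netgen/api/some/path',
    '/api/ezp/v2/content/objects',
    '/admin/api/ezp/v2/content/objects',
];

foreach ($paths as $path) {
    printf(
        "%-36s loose=%-5s strict=%s\n",
        $path,
        var_export(isRestRequestLoose($path), true),
        var_export(isRestRequestStrict($path, $siteAccesses), true)
    );
}
```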