Details
-
Bug
-
Resolution: Unresolved
-
High
-
None
-
None
Description
It seems that when a content with a binary attribute is accessed, the rest api responds giving the url pointing to var/storage/etc...
This is wrong as:
- default rewrite rules forbid access to that folder
- giving end users access to that folder violates fully the policy system
- it forces the user of the API to build by hand a "proper" url to content/download/xxx/yyy...
- ...which uses a different auth system anyway
Proper solution: extend the rest api with content/binary/etc...