Hi all,
Currently I am finding one issue related to security; I am facing the issue below.
When we remove everything from the URL and fire a direct request to the “/api/user/v1/” endpoint,
we get the following JSON data, which discloses sensitive endpoints existing on the API:
{
  "users": "http://localhost:18000/user_api/v1/users/",
  "user_prefs": "http://localhost:18000/user_api/v1/user_prefs/"
}
I just want to know why this API shows the response above, and where the view for this API URL is, so I can find the exact reason behind this.
I want to throw a 403 for this API response, as I want to authenticate the API.
So please guide me on what I can do. Thanks in advance.
Hmm, why do you think those are sensitive? For example, I can know many endpoints by checking the browser development console and seeing the URL of each request. And assuming we hide it around auth, those endpoints would be known if someone is authenticated and checks their dev console.