diff options
author | mguetlein <martin.guetlein@gmail.com> | 2012-01-03 13:20:18 +0100 |
---|---|---|
committer | mguetlein <martin.guetlein@gmail.com> | 2012-01-03 13:20:18 +0100 |
commit | fe3e3f88762df7cc57df76fe4d2a10602a3daa73 (patch) | |
tree | c57a37d74d6096d6a5225573b615aa8125f8c8f0 | |
parent | a63be20d3b5df30a7ed51153831b4aaefb791611 (diff) |
GET and POST should not be free-requests by default (enabling of A&A does nothing until moved to authorize-requests)
-rw-r--r-- | aa-local.yaml | 5 | ||||
-rw-r--r-- | aa-server.yaml | 5 |
2 files changed, 4 insertions, 6 deletions
diff --git a/aa-local.yaml b/aa-local.yaml index 260c72e..fe86a2e 100644 --- a/aa-local.yaml +++ b/aa-local.yaml @@ -3,15 +3,14 @@ :authorization: :server: AA :free_request: #request-method not controlled by A&A - - "GET" - - "POST" - "HEAD" - "DELETE" - "PUT" :authenticate_request: #only for authenticated user - "" :authorize_request: #only for authenticated and authorizeduser - - "" + - "GET" + - "POST" # Exceptions: :free_uris: #request-method for uri not controlled by A&A ? - :GET diff --git a/aa-server.yaml b/aa-server.yaml index 260c72e..fe86a2e 100644 --- a/aa-server.yaml +++ b/aa-server.yaml @@ -3,15 +3,14 @@ :authorization: :server: AA :free_request: #request-method not controlled by A&A - - "GET" - - "POST" - "HEAD" - "DELETE" - "PUT" :authenticate_request: #only for authenticated user - "" :authorize_request: #only for authenticated and authorizeduser - - "" + - "GET" + - "POST" # Exceptions: :free_uris: #request-method for uri not controlled by A&A ? - :GET |