Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • stork stork
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 274
    • Issues 274
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 25
    • Merge requests 25
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • storkstork
  • Issues
  • #495
Closed
Open
Issue created Feb 26, 2021 by Marcin Siodelski@marcinMaintainer

Prevent getting apps state for unauthorized machine

This is a result of the following comment !272 (comment 196568).

As Tomek pointed out, if you click on the unauthorized machine you're taken to the same view as in case of authorized machines. There used to be a button Get Latest State which, if clicked, would fetch apps information regardless if the machine is authorized or not. The button was removed for unauthorized machines in #485 (closed), but it is still possible to fetch the state via REST. I think it should be secured at the REST level, i.e. when the machine is unauthorized we should not fetch apps state.

Assignee
Assign to
Time tracking