Open
Description
Hello,
I'd like to report a bug that occured to me as I tried to access Bolt's API from a remote client (Curl, Postman).
The api is located behind an api firewall in the security.yml file, configured as follow :
api:
pattern: ^/api
http_basic: ~This means that the resources located at path %bolt.backend_url%/api are not available through http_basic authentication and need a login authentication to be accessed (as per main firewal).
I have seen issue #37 stating that resources should not be available for headless admin on Bolt 4. Is it still the case with v5 ?
If yes, this firewall should be suppressed IMO. If no, it should be adapted to allow a form of authentication.
As I have done the same modifications on a personnal project for the latter choice, I can submit a PR.
Details
| Question | Answer |
|---|---|
| Relevant Bolt Version | tested on 5.0 |
| Install type | Composer install |
| BC Break | no |
| PHP version | 7.4.26 |
| Web server | Nginx |