Fix: protect api/powerlimiter/status endpoint
this endpoint must not spill info if read-only access is disabled.
schlimmchen committed Nov 2, 2024
1 parent c55ff7d commit 41fd52d
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/WebApi_powerlimiter.cpp
Expand Up @@ -27,6 +27,10 @@ void WebApiPowerLimiterClass::init(AsyncWebServer& server, Scheduler& scheduler)

void WebApiPowerLimiterClass::onStatus(AsyncWebServerRequest* request)
{
if (!WebApi.checkCredentialsReadonly(request)) {
return;
}

AsyncJsonResponse* response = new AsyncJsonResponse();
auto& root = response->getRoot();
auto const& config = Configuration.get();
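
Review bot: the early `return` at the top of `onStatus` sends nothing itself, so it relies on `WebApi.checkCredentialsReadonly(request)` having already answered the request when the check fails; a short comment saying so would make that contract explicit, because otherwise a rejected client would be left without a response. The guard is correctly placed before `new AsyncJsonResponse()`, so nothing is allocated on the rejected path. Since this handler was missing the guard, it is worth confirming in the same change that every other read handler registered in `init` calls it as well.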