Comments (2)
Hi @jakub-bochenski,
Thanks for flagging this - it looks like we've got a real muddle of inconsistency there. It will be difficult to align everything without making breaking changes, but this is now on my radar. We should definitely be able to improve things in our Tyk OAS functionality, though the Tyk Classic will be tricky or impossible to resolve.
In terms of the documentation, I've raised a ticket internally to improve this so that - even if the behaviour is inconsistent between different fields - we make it as clear as possible what rules are applied where.
Thanks again for your support - I'll leave this open until we've managed to improve the docs.
from tyk.
I can add to this. We tested with two endpoints:
/ping
/core/ping
We put in the white_list /ping, and it is allowed, but core/ping also now is allowed. I would think this needs to be strict or clearly documented. I put /ping in the white list, and it's the only endpoint in the white list, then suddenly allowing /core/ping makes no sense. I get the fact that $ at the end will stop /ping/core - but what about at the beginning of the URL?
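Added illustration, not part of the comments above and not Tyk's own code: a small Go check that reproduces the reported matching, assuming allow-list entries are treated as regular expressions with unanchored (search) semantics. The function names `allowed`, `anchorExact` and `audit` and the sample paths are constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// allowed reports whether path matches any allow-list pattern.
// Assumption: each entry is a regular expression applied with unanchored
// (search) semantics, which is what the behaviour in this thread suggests.
func allowed(patterns []string, path string) (bool, error) {
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return false, fmt.Errorf("bad pattern %q: %w", p, err)
		}
		if re.MatchString(path) {
			return true, nil
		}
	}
	return false, nil
}

// anchorExact (hypothetical helper) builds a pattern that matches only literal.
func anchorExact(literal string) string {
	return "^" + regexp.QuoteMeta(literal) + "$"
}

// audit returns the candidate paths that the pattern list lets through.
func audit(patterns, candidates []string) ([]string, error) {
	var out []string
	for _, c := range candidates {
		ok, err := allowed(patterns, c)
		if err != nil {
			return nil, err
		}
		if ok {
			out = append(out, c)
		}
	}
	return out, nil
}

func main() {
	// Constructed request paths, including the two from the comment above.
	paths := []string{"/ping", "/core/ping", "/ping/core", "/pingx"}
	for _, pl := range [][]string{{"/ping"}, {"/ping$"}, {anchorExact("/ping")}} {
		got, err := audit(pl, paths)
		fmt.Println(pl, "allows", got, err)
	}
}
```

Running the same audit over a gateway's real route list before deploying an allow-list shows which entries need both `^` and `$` to stay exact.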