diff options
author | Eric Avdey <eiri@eiri.ca> | 2018-10-11 17:37:43 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-11 17:37:43 -0300 |
commit | 7073ef1870f070c092f63e5952b0163a51034d0c (patch) | |
tree | a9cf7391128da27ced3a489ebc9076e888a3d074 | |
parent | 9675616d432b4553ebc5f77267ec05b71e05495b (diff) | |
parent | ec7ec28164dd62130aa475c7edae7241a48af164 (diff) | |
download | couchdb-7073ef1870f070c092f63e5952b0163a51034d0c.tar.gz |
Merge pull request #1652 from cloudant/restrict-active_tasks-to-server-admin
Restrict access to `_active_tasks` to server admin
-rw-r--r-- | src/chttpd/src/chttpd_misc.erl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/chttpd/src/chttpd_misc.erl b/src/chttpd/src/chttpd_misc.erl index c72ef7cd4..7b417b442 100644 --- a/src/chttpd/src/chttpd_misc.erl +++ b/src/chttpd/src/chttpd_misc.erl @@ -178,6 +178,7 @@ handle_dbs_info_req(Req) -> send_method_not_allowed(Req, "POST"). handle_task_status_req(#httpd{method='GET'}=Req) -> + ok = chttpd:verify_is_server_admin(Req), {Replies, _BadNodes} = gen_server:multi_call(couch_task_status, all), Response = lists:flatmap(fun({Node, Tasks}) -> [{[{node,Node} | Task]} || Task <- Tasks] |