Api: Pending clan member endpoint does not honour authorisation

Created on 31 Aug 2019 · 2Comments · Source: Bungie-net/api

The /GroupV2/{$id}/Members/Pending/ endpoint correctly requires authentication, however, once a user is authenticated, they can see _any_ clan's pending members — regardless of whether they're authorised to do so. (I assume that since this is not the way BungieNet works, that this is not the intended behaviour.)

bug investigation

Source

soren42

😕1

Most helpful comment

Ah, thank you for the heads up! I appreciate it!

vthornheart-bng on 7 Sep 2019

👍2

All 2 comments

Can be reproduced here http://braytech.org/clan/admin

justrealmilk on 2 Sep 2019

Ah, thank you for the heads up! I appreciate it!

vthornheart-bng on 7 Sep 2019

👍2

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Add a way to get the active challenges for an activity

ttgmpsn · 3Comments

Question: CORS using Origin Header for Browser Based Apps

theoperatore · 4Comments

Documentation missing Type/Property information.

gitFurious · 3Comments

VersionsOwned in GetProfile hasnt updated to forsaken game versions yet

ghost · 3Comments

DestinyHistoricalStatsActivity - Docs are a little out of date (low priority)

ghost · 3Comments