Config.local.php Api_Allow_Customer=False It Isn't Working

config.local.php

'api_https_only' => false, // Allows the use the API functionality only by the HTTPS protocol
'api_allow_customer' => false, // Allow open API for unauthorized customers

Although it is set this way, the API is open to everyone.

https://www.webadress.com/api/categories

Everyone can see that.

It doesn't ask for a username and password.

How can I fix it?


For me it is closed

http://prntscr.com/jetocf

Looks like authorization is saved by your browser

I didn't write the web address on purpose.
It doesn't ask for user information. The data comes through.

It does not ask for user information; the data comes.

Help.

        if ($authorized || Registry::get('config.tweaks.api_allow_customer')) {
/*
            $content_type = $this->request->getContentType();
            $accept_type = $this->request->getAcceptType();
            $method = $this->request->getMethod();

            if (($method == "PUT" || $method == "POST") && !FormatManager::instance()->isMimeTypeSupported($content_type)) {
                $response = new Response(Response::STATUS_UNSUPPORTED_MEDIA_TYPE);
            } elseif (($method == "GET" || $method == "HEAD") && !FormatManager::instance()->isMimeTypeSupported($accept_type)) {
                $response = new Response(Response::STATUS_METHOD_NOT_ACCEPTABLE);
            } elseif ($this->request->getError()) {
                $response = new Response(Response::STATUS_BAD_REQUEST, $this->request->getError(), $accept_type);
            } else {
                $controller_result = $this->getResponse($this->request->getResource());

                if (is_a($controller_result, '\\Tygh\\Api\\Response')) {
                    $response = $controller_result;
                } else {
                    $response = new Response(Response::STATUS_INTERNAL_SERVER_ERROR);
                }
            }
        } else {
*/
            $response = new Response(Response::STATUS_UNAUTHORIZED);
        }
That's how it got better.
config.local.php
What should the read/write permission be?

.../api/categories

.../api/products/

It doesn't ask for user information.

config.local.php

read-write permission (666)
'api_allow_customer' => false
.../api/products/
.../api/categories/
This is the way it is, but it's open to everyone.

What's the reason?

$config['tweaks'] = array (
    // Whether to remove any javascript code from description and name of product, category, etc.
    // Auto - false for ULT, true for MVE.
    'sanitize_user_html' => 'auto',
    'anti_csrf' => true, // protect forms from CSRF attacks
    'disable_block_cache' => false, // used to disable block cache
    'disable_localizations' => true, // Disable Localizations functionality
    'disable_dhtml' => false, // Disable Ajax-based pagination and Ajax-based "Add to cart" button
    'do_not_apply_promotions_on_order_update' => true, // If true, the promotions that applied to the order won't be changed when editing the order. New promotions won't be applied to the order.
    'dev_js' => false, // set to true to disable js files compilation
    'redirect_to_cart' => false, // Redirect customer to the cart contents page. Used with the "disable_dhtml" setting.
    'api_https_only' => false, // Allows the use the API functionality only by the HTTPS protocol
    'api_allow_customer' => false, // Allow open API for unauthorized customers
    'lazy_thumbnails' => false, // generate image thumbnails on the fly
    'image_resize_lib' => 'auto', // library to resize images - "auto", "gd" or "imagick"
    'products_found_rows_no_cache_limit' => 100, // Max count of SQL found rows without saving to cache
    'show_database_changes' => false, // Show database changes in View changes tool
    'backup_db_mysqldump' => false, // Backup database using mysqldump when available
);
How can I close access?

Hi,

How do you check that this is open?

For example, you cannot access this page.

config.local.php

'api_allow_customer' => true

.../api/orders

{"message":"Forbidden","status":403}

--

config.local.php

'api_allow_customer' => false

.../api/orders

{"message":"Unauthorized","status":401}

--------

my config.local.php file

'api_allow_customer' => false

.../api/orders

{"message":"Forbidden","status":403}

.../api/products/
.../api/categories/
The user authentication screen does not appear at all.

My config.local.php file

'api_allow_customer' => false

but

'api_allow_customer' => true

It's treated like that.
I have 5 sites on 4.7.3. Two of them have this problem. :)

This problem is present on 2 of my sites.

My other 3 sites work fine.

I searched all the files one by one and I couldn't figure it out.

I'd appreciate it if you could help me with that.
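The comparison made in the posts above, written as a check that sends no credentials, so an authorization saved by a browser cannot hide the result. This is an added example, not code from the thread or from CS-Cart. The function names are hypothetical, the sample status maps are constructed, and HTTP 200 for served catalog data is an assumption.

```python
import urllib.error
import urllib.request

# Paths come from the thread; 401 = closed and 403 on /api/orders = customer
# mode follow the responses quoted there. HTTP 200 for catalog data is assumed.
CATALOG_PATHS = ("/api/products/", "/api/categories/")
PROBE_PATH = "/api/orders"

def fetch_status(base_url, path, timeout=10):
    """Status of an anonymous GET: no Authorization header and no cookies,
    so credentials saved by a browser cannot mask the result."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def probe(base_url):
    """Collect statuses from a live store (needs network access)."""
    return {p: fetch_status(base_url, p) for p in CATALOG_PATHS + (PROBE_PATH,)}

def effective_mode(statuses):
    """Classify {path: status} gathered from anonymous requests."""
    if statuses and all(code == 401 for code in statuses.values()):
        return "closed"  # every request is told to authenticate
    if statuses.get(PROBE_PATH) == 403 or any(
            statuses.get(p) == 200 for p in CATALOG_PATHS):
        return "open"    # anonymous caller is handled as a customer
    return "unknown"

def audit(configured_allow_customer, statuses):
    """Findings where observed behaviour contradicts the configured value."""
    mode = effective_mode(statuses)
    if mode == "open" and not configured_allow_customer:
        exposed = sorted(p for p, code in statuses.items() if code == 200)
        return ["api_allow_customer is false but anonymous requests are served; "
                "readable without credentials: " + ", ".join(exposed)]
    if mode == "closed" and configured_allow_customer:
        return ["api_allow_customer is true but every path returned 401"]
    if mode == "unknown":
        return ["unexpected status mix: %r" % (statuses,)]
    return []

# Constructed samples mirroring the two situations described in the thread.
HEALTHY = {"/api/products/": 401, "/api/categories/": 401, "/api/orders": 401}
AFFECTED = {"/api/products/": 200, "/api/categories/": 200, "/api/orders": 403}
```

Against your own store, `audit(False, probe(base_url))` returns an empty list when the configured value is actually being honoured.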

Contact the CS-Cart support team with this issue. Possibly there is a bug in the API.

&debug
Config
tweaks.api_allow_customer false
/api/products is open to everyone.


tweaks.sanitize_user_html auto
tweaks.anti_csrf true
tweaks.disable_block_cache false
tweaks.disable_localizations true
tweaks.disable_dhtml false
tweaks.do_not_apply_promotions_on_order_update true
tweaks.dev_js false
tweaks.redirect_to_cart false
tweaks.api_https_only false
tweaks.api_allow_customer false
tweaks.lazy_thumbnails true
tweaks.image_resize_lib auto

I am sharing the solution to this problem.

cscart\app\addons\storefront_rest_api

The problem is solved when this hidden addon is reinstalled.

1

It is necessary to correct the DB for appearance.

Thank you for keeping us updated. Hope it will help someone