AA issue for DreamFactory


#1

Hi there,
I’m new to dreamfactory.
I’m a little bit confused about dreamfactory authentication and authorization.
Here’s the issue I found:
I created a App named myApp, which is ‘File Storage’.
Then DF auto generate the stub of App with basic login feature and CRUD.

What confusing me are:

  1. CRUD api can be invoked even without user login
  2. Incorrect App name still work with API invoking, pls see below code:

var app_name = “myAp”;

window.authorizations.add(“X-DreamFactory-Application-Name”, new ApiKeyAuthorization(“X-DreamFactory-Application-Name”, app_name, “header”));

I’m using incorrect App name ‘myAp’ instead of ‘myApp’, but I’m managed to invoke the API with SDK as well…


@Done!!!
I just figured out it is because of my admin session_id is working in the same browser window.
Same story happen to other poster.


#2

Ricky, glad you got this one figured out. I was just about to ask you if you had multiple sessions going.