Using the following curl request:
curl --location --request POST 'https://<public api url>/<database>/_session' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{ }'
We get a session cookie back. If I then use that cookie to attempt to read all documents, or create a new document etc, it seems I have full access to do so.
The GUEST user on the sync gateway is disabled.
Please advise.
8 posts - 2 participants