In ArcGIS Enterprise, requests to https://[root]/community/users/[userName] return with different results for f=json and f=pjson.
Portal for ArcGIS
漏洞 ID 编号
BUG-000158457
已提交
May 22, 2023
上次修改时间
June 5, 2024
适用范围
Portal for ArcGIS
找到的版本
11.1
操作系统
Windows Server
操作系统版本
N/A
状态
As Designed
经开发团队审核,已确定此行为符合设计。 有关详细信息,请参阅“其他信息”部分。
附加信息
This is as designed. When submitting/sharing/rest/community/users/(named_user) with f=json, a token is required to confirm authorization. This behavior is documented and is similar when accessing other secured endpoints in the portal directory. The f=pjson is not intended for application purposes; it is intended for users who are viewing it through the portal directory and in those cases, the token is not necessary since the user has already logged into the portal directory.