Details
-
Bug
-
Resolution: Fixed
-
Medium
Description
The {{
{repositories}}} hash in responses to authenticated requests to {{
{/users/:username}}} has the following keys:
{{{
'created_on', 'description', 'email_mailinglist', 'email_writers', 'fork_of', 'has_issues', 'has_wiki', 'is_fork', 'is_mq', 'is_private', 'language', 'last_updated', 'logo', 'main_branch', 'mq_of', 'name', 'no_public_forks', 'owner', 'read_only', 'resource_uri', 'scm', 'size', 'slug', 'state', 'utc_created_on', 'utc_last_updated', 'website'
}}}
Anonymous requests result in a drastically reduced payload:
{{{
'description', 'followers_count', 'logo', 'name', 'owner', 'resource_uri', 'scm', 'slug', 'website'
}}}
This applies even to public repositories, which is clearly erroneous. Retrieving data readily accessible via Bitbucket's web interface should not require authentication.