monkeyDluffy6017 commented on code in PR #9778: URL: https://github.com/apache/apisix/pull/9778#discussion_r1255502645
########## apisix/plugins/consumer-restriction.lua: ########## @@ -95,6 +99,10 @@ local function is_include(value, tab) end local function is_method_allowed(allowed_methods, method, user) + if not user then + return false + end Review Comment: I don't think the logic here is correct, if the blacklist exists and we can't get the user info, the request should be forbidden -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
