Some functions of the web app depend on the API and stop working when the API is disabled
Hello, since it's now possible to disable the API in the settings, some issues arise. For example, it is not possible to upload or delete a study thumbnail in the administration section because the routes are in the API scope.
POST /api/datasets/thumbnail/[filename]
POST /api/datasets/thumbnail_delete/[filename]
Is there a way to keep the API disabled while thumbnail editing/removal still works?
P.S. There may be more instances of /api/* in the web app; we would be glad to report them if we spot them.
We have a few more places such as the "Metadata" edit page that use the API. It would help figure out a better solution if you could describe your use case for disabling the API.
Our goal is to reduce attack surface on our NADA instance. Since we don't have the resources to pentest the API, we prefer to disable it solely since we're not using it yet. Only the web interface will be used.
Is there a way to replace the API routes with web routes, or should we temporarily keep those routes enabled?