Skip to content

customerpayment: cross-tenant GET/PATCH/DELETE returns 403 — same class as #221 (secure-404) #225

Closed
#226
Closed
customerpayment: cross-tenant GET/PATCH/DELETE returns 403 — same class as #221 (secure-404)#225
#226
@CryptoJones

Description

@CryptoJones
CryptoJones
opened on May 19, 2026

Same class as the 10 prior secure-404 fixes (#173#221), now on customer-cascade-scoped CustomerPayment (cpayCustId → Customer.custCompId). Collapse 403 into 404 to close enumeration of cpayId populations.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions