You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
which boils down to /download/ endpoint issuing 403 instead of allowing to download an asset in embargoed dandiset. It allows for listing/browsing just fine but not download.
To demo/reproduce in CLI:
$ curl -sSL -H "Authorization: token $DANDI_API_KEY" -X GET https://api.dandiarchive.org/api/dandisets/001082/
{"identifier":"001082","created":"2024-07-05T22:24:27.440178Z" ... sensitive pruned ... "embargo_status":"EMBARGOED" ...
# accessing asset from within it
$ curl -vsSL -H "Authorization: token $DANDI_API_KEY" https://api.dandiarchive.org/api/assets/3e98c412-b4be-4e3d-8709-662e721cba30/download/ 2>&1| tail -n 20
< Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1723046887&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=2e915MBLhJJgGluInYtGZIyVYjAasqDvjolI0kX6ihQ%3D"}]}
< Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1723046887&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=2e915MBLhJJgGluInYtGZIyVYjAasqDvjolI0kX6ihQ%3D
< Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
< Connection: keep-alive
< Server: gunicorn
< Date: Wed, 07 Aug 2024 16:08:07 GMT
< Content-Type: application/json
< Vary: Accept, Cookie, origin
< Allow: GET, HEAD, OPTIONS
< X-Frame-Options: DENY
< Content-Length: 63
< Strict-Transport-Security: max-age=31536000
< X-Content-Type-Options: nosniff
< Referrer-Policy: same-origin
< Cross-Origin-Opener-Policy: same-origin
< Via: 1.1 vegur
<
{ [63 bytes data]
* Connection #0 to host api.dandiarchive.org left intact
{"detail":"You do not have permission to perform this action."}
Origin:
which boils down to
/download/
endpoint issuing 403 instead of allowing to download an asset in embargoed dandiset. It allows for listing/browsing just fine but not download.To demo/reproduce in CLI:
and in gui -- can navigate to https://dandiarchive.org/dandiset/000874/draft/files?location=derivatives%2FOCT-pipeline%2Fsub-SP002%2Fmicr&page=1 just fine but not to download a json file there.
The text was updated successfully, but these errors were encountered: