security audit fixes: task ID 12: remove /api/account/token/ method

2024-11-30 11:32:11 +00:00 · 2024-11-30 11:32:11 +00:00 · 0e3fe5fd8a
commit 0e3fe5fd8a
parent 444da1fddf
1 changed files with 2 additions and 0 deletions
--- a/api/index.php
+++ b/api/index.php
@ -2598,12 +2598,14 @@ switch($PARAM_1)
 	{
 		switch($PARAM_2)
 		{
+			/* DEPRECATED & DISABLED due to security reasons
 			case "token":
 			{
 				print \Bitrix\Main\Web\JWT::encode(["acc_number" => $REQ['acc_number']], $secret, 'HS256', null, null);
 				die();
 			}
 			break;
+			*/

 			case "recovery":
 			{