{
	"id": "173004",
	"key": "DAEMON-272",
	"fields": {
		"issuetype": {
			"id": "4",
			"description": "An improvement or enhancement to an existing feature or task.",
			"name": "Improvement",
			"subtask": false
		},
		"project": {
			"id": "12519",
			"key": "DAEMON",
			"name": "Appcelerator Daemon"
		},
		"fixVersions": [
			{
				"id": "20081",
				"description": "",
				"name": "Appc Daemon 2.0.0",
				"archived": false,
				"released": true,
				"releaseDate": "2018-11-25"
			}
		],
		"resolution": {
			"id": "1",
			"description": "A fix for this issue is checked into the tree and tested.",
			"name": "Fixed"
		},
		"resolutiondate": "2019-02-15T03:31:19.000+0000",
		"created": "2019-02-14T23:28:36.000+0000",
		"priority": {
			"name": "Medium",
			"id": "3"
		},
		"labels": [],
		"versions": [],
		"issuelinks": [],
		"assignee": {
			"name": "cbarber",
			"key": "cbarber",
			"displayName": "Chris Barber",
			"active": true,
			"timeZone": "America/Chicago"
		},
		"updated": "2019-02-15T03:31:19.000+0000",
		"status": {
			"description": "A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.",
			"name": "Resolved",
			"id": "5",
			"statusCategory": {
				"id": 3,
				"key": "done",
				"colorName": "green",
				"name": "Done"
			}
		},
		"components": [
			{
				"id": "15617",
				"name": "appcd-subprocess"
			}
		],
		"description": "The {{SubprocessManager}} has a false security measure where only requests from internal routes and plugins and requests from WebSockets can spawn commands. Requests from HTTP are forbidden.\r\n\r\nSince WebSockets requests are essentially HTTP requests, there's no point blocking HTTP requests. The daemon's web server listens on localhost only, so there's no way for an outside actor to spawn a command.\r\n\r\nTo make things worse, the check to see if the source is indeed \"http\" is broken. It checks if {{ctx.request.source}} is \"http\" when it should be checking {{ctx.source}}.\r\n\r\nThis restriction is pointless and does not work. It should just be removed.",
		"attachment": [],
		"flagged": false,
		"summary": "appcd-subprocess: Remove HTTP source check",
		"creator": {
			"name": "cbarber",
			"key": "cbarber",
			"displayName": "Chris Barber",
			"active": true,
			"timeZone": "America/Chicago"
		},
		"subtasks": [],
		"reporter": {
			"name": "cbarber",
			"key": "cbarber",
			"displayName": "Chris Barber",
			"active": true,
			"timeZone": "America/Chicago"
		},
		"environment": null,
		"closedSprints": [
			{
				"id": 1112,
				"state": "closed",
				"name": "2019 Sprint 4",
				"startDate": "2019-02-11T16:16:38.316Z",
				"endDate": "2019-02-23T16:16:00.000Z",
				"completeDate": "2019-02-24T18:35:43.422Z",
				"originBoardId": 114
			}
		],
		"comment": {
			"comments": [
				{
					"id": "446083",
					"author": {
						"name": "cbarber",
						"key": "cbarber",
						"displayName": "Chris Barber",
						"active": true,
						"timeZone": "America/Chicago"
					},
					"body": "https://github.com/appcelerator/appc-daemon/pull/353",
					"updateAuthor": {
						"name": "cbarber",
						"key": "cbarber",
						"displayName": "Chris Barber",
						"active": true,
						"timeZone": "America/Chicago"
					},
					"created": "2019-02-14T23:33:19.000+0000",
					"updated": "2019-02-14T23:33:19.000+0000"
				}
			],
			"maxResults": 1,
			"total": 1,
			"startAt": 0
		}
	}
}