I have created an API using Django rest framework. The url paths look like
Now, if I try to hit the url:
Then, in this case, I receive data about address_2 in my response. The “…/” let the user to actually call the address endpoint. Is this any known issue? And is there any way to avoid such manipulation in urls?
I believe this can pose many security risks with APIs using path parameters.
I am using Django 2.0.5. Please do let me know if this has already been addressed in any newer versions.