with this definition inside policy I was thinking to allow only /company/pdf/template access but both URL are still available
Question : if an URL isn’t inside “allowed_urls”: [ ] is it forbidden?
How to process?
You can opt and specify only the restricted URLs, i.e., a black list rather than white list.
=> if I’m right, this white/black list is only applied at application level not policy (according to documentation)
Goal here is to define an app opening all URL, but with 2 different policies with different allow / forbidden URL (some are administration oriented) and then keys on them
My question was about the way to allow couple of URL / method (and to forbid others in same way) inside a policy
But all test I applied are failing.