token-access: allow token in headers not only in GET/URL
milka -
r4608:374a996c stable
@@ -469,7 +469,14 b' def get_auth_user(request):'
469 469 ip_addr = get_ip_addr(environ)
470 470
471 471 # make sure that we update permissions each time we call controller
472 _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
472 _auth_token = (
473 # ?auth_token=XXX
474 request.GET.get('auth_token', '')
475 # ?api_key=XXX !LEGACY
476 or request.GET.get('api_key', '')
477 # or headers....
478 or request.headers.get('X-Rc-Auth-Token', '')
479 )
473 480 if not _auth_token and request.matchdict:
474 481 url_auth_token = request.matchdict.get('_auth_token')
475 482 _auth_token = url_auth_token
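Review bot: The new `# or headers....` comment at new line 477 names neither the header nor the lookup order. The `or` chain means a query-string `auth_token` or `api_key` silently wins over `X-Rc-Auth-Token` when a request carries both. A token in the URL tends to end up in access logs and Referer headers, while a header value usually does not, so I would spell the order out, e.g. `# X-Rc-Auth-Token: XXX header; used only when no query-string token is given`. It is also worth deciding whether the header should be consulted first. The body of get_auth_user starts and ends outside the hunk, so how the token is validated or logged afterwards cannot be judged from here.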
@@ -119,3 +119,4 b' def includeme(config):'
119 119
120 120 # This needs to be the LAST item
121 121 config.add_tween('rhodecode.lib.middleware.request_wrapper.RequestWrapperTween')
122 log.debug('configured all tweens')