13
3
Fork 0
Wiki Issues 89 resources competences Projects 8 Code Pull Requests Releases Activity
Browse Source

API calls authorized with HTTP header 

This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.

Author-Change-Id: IB#1107572
pull/15119/head
Pawel Boguslawski 4 years ago
parent
0a23079485
commit
dc952c0632
1 changed files with 4 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      routers/api/v1/api.go

4
routers/api/v1/api.go
Unescape View File

@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {
return
}
if ctx.IsSigned {
// Don't require token if already authenticated by reverse proxy.
if setting.Service.EnableReverseProxyAuth {
return
}
ctx.RequireCSRF()
return
}

Write Preview
Loading…
Cancel
Save