mirror
/
gitea
mirror of https://github.com/go-gitea/gitea
2
0
Fork 0
Code Issues Releases Wiki Activity

API calls authorized with HTTP header

Browse Source 
This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.

Author-Change-Id: IB#1107572
pull/15119/head
Pawel Boguslawski 4 years ago
parent 0a23079485
commit dc952c0632
1 changed files with 4 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      routers/api/v1/api.go

4
routers/api/v1/api.go
Unescape View File

@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {
return
}
if ctx.IsSigned {
// Don't require token if already authenticated by reverse proxy.
if setting.Service.EnableReverseProxyAuth {
return
}
ctx.RequireCSRF()
return
}

Write Preview
Loading…
Cancel
Save