[pve-devel] [PATCH manager 2/3] check auth for disk image upload url
Timo Grodzinski
t.grodzinski at profihost.ag
Mon Feb 15 14:29:53 CET 2016
Signed-off-by: Timo Grodzinski <t.grodzinski at profihost.ag>
---
PVE/REST.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/PVE/REST.pm b/PVE/REST.pm
index bf7ce15..b3d546a 100644
--- a/PVE/REST.pm
+++ b/PVE/REST.pm
@@ -107,6 +107,10 @@ sub auth_handler {
$isUpload = 1;
}
+ if ($method eq 'POST' && $rel_uri =~ m|^/nodes/([^/]+)/qemu/([^/]+)/upload_image$|) {
+ $isUpload = 1;
+ }
+
# we skip CSRF check for file upload, because it is
# difficult to pass CSRF HTTP headers with native html forms,
# and it should not be necessary at all.
--
2.1.4
More information about the pve-devel
mailing list