[pve-devel] [RFC PATCH manager] api: allow ticket in auth header as fallback
Tim Marx
t.marx at proxmox.com
Fri Aug 30 14:12:32 CEST 2019
Signed-off-by: Tim Marx <t.marx at proxmox.com>
---
PVE/Service/pveproxy.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
index dd123dd8..860a05c0 100755
--- a/PVE/Service/pveproxy.pm
+++ b/PVE/Service/pveproxy.pm
@@ -184,6 +184,13 @@ sub get_index {
}
}
my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});
+
+ if (!defined $ticket) {
+ my $authHeader = $r->header('Authorization');
+ $ticket = PVE::APIServer::Formatter::extract_ticket_from_auth_header($authHeader, $server->{cookie_name});
+ }
+
+
if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
$token = PVE::AccessControl::assemble_csrf_prevention_token($username);
}
--
2.20.1
More information about the pve-devel
mailing list