[pve-devel] [RFC PATCH manager] api: allow ticket in auth header as fallback

Tim Marx t.marx at proxmox.com
Fri Aug 30 14:12:32 CEST 2019


Signed-off-by: Tim Marx <t.marx at proxmox.com>
---
 PVE/Service/pveproxy.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
index dd123dd8..860a05c0 100755
--- a/PVE/Service/pveproxy.pm
+++ b/PVE/Service/pveproxy.pm
@@ -184,6 +184,13 @@ sub get_index {
 	    }
 	}
 	my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});
+
+	if (!defined $ticket) {
+	    my $authHeader = $r->header('Authorization');
+	    $ticket = PVE::APIServer::Formatter::extract_ticket_from_auth_header($authHeader, $server->{cookie_name});
+	}
+
+
 	if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
 	    $token = PVE::AccessControl::assemble_csrf_prevention_token($username);
 	}
-- 
2.20.1



More information about the pve-devel mailing list