Check basic auth (and set session cookie) before noauth exceptions

This enables logging in by simply making a GET request to `/` with the
`Authorization` header.
Emil Lundberg
2023-10-08 20:12:39 +02:00
parent e6e4df4d70
commit 0e47d37e73


@@ -87,12 +87,6 @@ func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfigura
return
}
// Exception for static assets and REST calls that don't require authentication.
if isNoAuthPath(r.URL.Path) {
next.ServeHTTP(w, r)
return
}
cookie, err := r.Cookie(cookieName)
if err == nil && cookie != nil {
sessionsMut.Lock()
@@ -111,6 +105,12 @@ func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfigura
return
}
// Exception for static assets and REST calls that don't require authentication.
if isNoAuthPath(r.URL.Path) {
next.ServeHTTP(w, r)
return
}
// Some browsers don't send the Authorization request header unless prompted by a 401 response.
// This enables https://user:pass@localhost style URLs to keep working.
if guiCfg.SendBasicAuthPrompt {
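Review bot: The no-auth exception in its new position (second hunk) is only correct if every credential check above it falls through on failure instead of rejecting, and the comment does not record that ordering constraint. The code between the two hunks is not visible here, so this is inferred, but if a stale session cookie or a wrong `Authorization` header ever ends in an early 401/403 there, static assets and the no-auth REST calls would stop loading for that client. I would extend the comment to something like `// Checked after cookie and basic auth so a request to a no-auth path can still log in; absent or invalid credentials must fall through to here.` and add a test asserting that a no-auth path sent with invalid credentials is still served. Since requests to these paths now reach the password check, it is also worth confirming that failed attempts on them are logged and throttled the same way as on authenticated paths. The body of basicAuthAndSessionMiddleware starts and ends outside both hunks.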