1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-26 03:03:08 +00:00

API calls authorized with HTTP header

This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.

Author-Change-Id: IB#1107572
This commit is contained in:
Pawel Boguslawski 2021-03-18 15:37:22 +01:00
parent 0a23079485
commit dc952c0632

View file

@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {
return
}
if ctx.IsSigned {
// Don't require token if already authenticated by reverse proxy.
if setting.Service.EnableReverseProxyAuth {
return
}
ctx.RequireCSRF()
return
}