mirror of https://github.com/perkeep/perkeep.git
e03d0af04f
Since issue #660 showed that we could not rely on Basic Auth for some very particular cases (of POST requests), we wanted to replace Basic Auth with a pre-generated token-based authentication mechanism for these cases. However, as there already is such a mechanism used to authenticate websocket connections, we simply extended the use of that mechanism. Therefore, the token that is initially generated for websocket connections is also now a valid token to authenticate any other connection. The relevant types and method names have been changed to reflect that. The JavaScript code pertaining to the sensitive cases mentioned above has been changed to use that token. Some doc has been added to point out how security-sensitive the OpDiscovery permission is, since it gives access to the auth token. Fixes issue #660 Change-Id: Iafed3b6e4804364ca2559414c8d87dc4a30f6637 |
||
---|---|---|
.. | ||
appengine | ||
camlistored | ||
gae-py-blobserver | ||
sigserver | ||
tester | ||
.gitignore |