Just to explain my use-case: I host a single instance of the tiddlywiki server, and I expose it through two different hostnames. Through one of these hostnames, the header containing the current username is set, not so through the other one. This allows me to present a read-only version to the public, while requiring authentication for myself when I want to edit my wiki.
What seems to be happening is that authenticated-user-header URI-decodes the header value, which happens to be undefined when the header is absent from the request. This decoding happens by (indirectly) calling decodeURIComponent(), and node's implementation returns "undefined" when the input is undefined (which appears to be conforming to the ECMAScript spec1,2).
Changing authenticateRequest in header.js to the following seems to fix my problem:
```javascript
HeaderAuthenticator.prototype.authenticateRequest = function(request,response,state) {
	// Otherwise, authenticate as the username in the specified header
	var username = request.headers[this.header];
	if(!username && !state.allowAnon) {
		response.writeHead(401,"Authorization header required to login to '" + state.server.servername + "'");
		response.end();
		return false;
	}
	if(username) {
		// authenticatedUsername will be undefined for anonymous users
		state.authenticatedUsername = $tw.utils.decodeURIComponentSafe(username);
	}
	return true;
};
```
Describe the bug
The authenticated-user-header authentication works correctly when the specified header is present, but it does not when it isn't.
Expected behavior
A GET to https://tiddlywiki.example.com/status should return a JSON object containing:
Instead, I'm getting:
To Reproduce
Screenshots
No response
TiddlyWiki Configuration
Desktop:
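The behaviour reported in this issue, as an added example that is not part of the original post and not TiddlyWiki's own code: a minimal model of a header authenticator showing how an absent header becomes the string "undefined" when decoded unconditionally, next to the guarded form proposed in the issue. The header name `x-authenticated-user`, the helper `decodeSafe` (a stand-in for `$tw.utils.decodeURIComponentSafe`) and the function names are assumptions made for illustration.

```javascript
// Added example: a simplified model, not the project's header.js.
// decodeSafe is a hypothetical stand-in for $tw.utils.decodeURIComponentSafe.
function decodeSafe(value) {
  try {
    // decodeURIComponent applies ToString to its argument,
    // so undefined becomes the 9-character string "undefined".
    return decodeURIComponent(value);
  } catch (e) {
    return value; // malformed percent-escape: keep the raw value
  }
}

// Reported behaviour: the header value is decoded even when it is absent.
function authenticateUnpatched(request, state, headerName) {
  const username = request.headers[headerName];
  if (!username && !state.allowAnon) return false;
  state.authenticatedUsername = decodeSafe(username);
  return true;
}

// Proposed change: decode only when the header is actually present.
function authenticatePatched(request, state, headerName) {
  const username = request.headers[headerName];
  if (!username && !state.allowAnon) return false;
  if (username) state.authenticatedUsername = decodeSafe(username);
  return true;
}

// Run one constructed request through an authenticator and report the result.
// Node lower-cases incoming header names, so the lookup key is lower-case too.
function run(authenticate, headers, allowAnon) {
  const state = { allowAnon };
  const ok = authenticate({ headers }, state, "x-authenticated-user");
  const user = state.authenticatedUsername;
  return { ok, user, type: typeof user };
}

// Constructed requests: public hostname (no header) and authenticating
// hostname (header set upstream, percent-encoded).
const anonymous = {};
const loggedIn = { "x-authenticated-user": "alice%20smith" };

console.log("unpatched, no header:", run(authenticateUnpatched, anonymous, true));
console.log("patched,   no header:", run(authenticatePatched, anonymous, true));
console.log("patched,   header   :", run(authenticatePatched, loggedIn, true));
console.log("patched,   no anon  :", run(authenticatePatched, anonymous, false));
```

In the unpatched model the anonymous request ends up with a truthy, string-typed username, so any later check that only tests whether a username is set treats the visitor as logged in.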