Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
manageiq-external-auth: do NOT require authentication for /api/produc…
…t_info API has 2 sets of requests which can go in unauthenticated: app/controllers/api/base_controller.rb 25: before_action :require_api_user_or_token, :except => [:options, :product_info] 27: before_action :validate_api_request, :except => [:product_info] 28: before_action :validate_api_action, :except => [:options, :product_info] That's OPTIONS requests, and a GET for /api/product_info. We don't need OPTIONS quite yet (except for CORS preflight, which is not supported for the API currently), but the Service UI is relying on unauthenticated /api/product_info to retrieve the URLs for brand assets (like the login screen logo). Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1790817
- Loading branch information