Skip to content

Commit

Permalink
Fix #2567
Browse files Browse the repository at this point in the history 
After this change, an authenticated request, which requires auth (like /open) will set the secret cookie. This means that if a first request is authenticated with a URL param, then the second request will be authenticated using the cookie
  • Loading branch information
@fonsp
fonsp committed May 23, 2023
1 parent a23d477 commit 20515dd
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/webserver/Authentication.jl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,8 +103,7 @@ function auth_middleware(handler)
filter!(p -> p[1] != "Access-Control-Allow-Origin", response.headers)
HTTP.setheader(response, "Access-Control-Allow-Origin" => "*")
end

if HTTP.URI(request.target).path ("", "/")
if required || HTTP.URI(request.target).path ("", "/")
add_set_secret_cookie!(session, response)
end
response
Expand Down

1 comment on commit 20515dd

@j-fu
Copy link
Contributor

@j-fu j-fu commented on 20515dd May 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Please sign in to comment.