Fixes #32257 - use trusted hosts to authorize clients

lib/smart_proxy_openscap/openscap_api.rb

@@ -25,6 +25,13 @@ class Api < ::Sinatra::Base
     include ::Proxy::Log
     helpers ::Proxy::Helpers
     authorize_with_ssl_client
+    CLIENT_PATHS = Regexp.compile(%r{^(/arf/\d+|/policies/\d+/content/|/policies/\d+/tailoring/)})
+
+    # authorize via trusted hosts but let client paths in without such authorization
+    before do
+      pass if request.path_info =~ CLIENT_PATHS
+      do_authorize_with_trusted_hosts
+    end
 
     post "/arf/:policy" do
       # first let's verify client's certificate