Authorization header should be used for authentication against an origin server #971

Closed
yiannistri opened this issue Oct 27, 2021 · 0 comments · Fixed by #1052
Labels
type/enhancement New feature or request

Describe the bug
Currently, the Authorization header is used to accept GH tokens so that HTTP handlers can interact with GH on behalf of a user. However, a different header should be used instead in order to distinguish between API endpoint authorization (i.e. listing clusters or templates) and endpoints that require interaction with GH or other git providers (i.e. create a cluster PR). I suggest using an alternative header name instead, i.e. Git-Provider-Token, and reserving the Authorization header for securing the endpoints.

Environment
gitops: v0.3.3

Affects versions
v0.3.3

Expected behavior
Use a header other than Authorization to check for the GH token

https://datatracker.ietf.org/doc/html/rfc7235#section-4.2
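
One way to implement the split proposed in this issue, as an added Go example that is not the project's own code: the Authorization header guards every endpoint, and only the PR-creating endpoint reads Git-Provider-Token. The route paths, the static `api-secret` bearer token, the 400 response for a missing provider token, and the helper names are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const GitProviderTokenHeader = "Git-Provider-Token" // name proposed in the issue

// requireAPIAuth secures endpoints via Authorization only; apiToken is a hypothetical stand-in for real API auth.
func requireAPIAuth(apiToken string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		got := strings.TrimPrefix(h, "Bearer ")
		if got == h || subtle.ConstantTimeCompare([]byte(got), []byte(apiToken)) != 1 {
			w.Header().Set("WWW-Authenticate", `Bearer realm="api"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// createClusterPR additionally needs the caller's git provider token.
func createClusterPR(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get(GitProviderTokenHeader) == "" {
		http.Error(w, "missing "+GitProviderTokenHeader, http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusAccepted) // a real handler would open the PR here
}

// status sends one constructed request through the stack and returns the code.
func status(path, authz, gitToken string) int {
	mux := http.NewServeMux()
	mux.HandleFunc("/clusters", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	mux.HandleFunc("/clusters/pr", createClusterPR)
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.Header.Set("Authorization", authz)
	req.Header.Set(GitProviderTokenHeader, gitToken)
	rec := httptest.NewRecorder()
	requireAPIAuth("api-secret", mux).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(status("/clusters", "Bearer api-secret", ""), status("/clusters/pr", "token ghp_constructed", "")) }
```

A git provider token sent in Authorization, as in the behaviour the issue describes, is rejected with 401 here because that header no longer carries provider credentials.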
