forked from TrueCloudLab/rclone
rc: Skip auth for OPTIONS request
Before this change using --user and --pass was impossible on the rc from a browser as the browser needed to make the OPTIONS request first before sending Authorization: headers, but the OPTIONS request required an Authorization: header. After this change we allow OPTIONS requests to go through without checking the Authorization: header.
This commit is contained in:
Nick Craig-Wood
parent
e24cadc7a1
commit
550ab441c5
1 changed files with 5 additions and 0 deletions
|
|
@ -150,6 +150,11 @@ func NewServer(handler http.Handler, opt *Options) *Server {
|
|||
authenticator := auth.NewBasicAuthenticator(s.Opt.Realm, secretProvider)
|
||||
oldHandler := handler
|
||||
handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// No auth wanted for OPTIONS method
|
||||
if r.Method == "OPTIONS" {
|
||||
oldHandler.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
if username := authenticator.CheckAuth(r); username == "" {
|
||||
authHeader := r.Header.Get(authenticator.Headers.V().Authorization)
|
||||
if authHeader != "" {
|
||||
|
|
|
|||
Loading…
Reference in a new issue