KurlesHS/rclone
1
0
Fork 0
forked from TrueCloudLab/rclone
Code Pull requests Activity

rc: Skip auth for OPTIONS request

Browse source 
Before this change using --user and --pass was impossible on the rc
from a browser as the browser needed to make the OPTIONS request first
before sending Authorization: headers, but the OPTIONS request
required an Authorization: header.

After this change we allow OPTIONS requests to go through without
checking the Authorization: header.
This commit is contained in:
Nick Craig-Wood 2019-06-10 16:38:58 +01:00
parent e24cadc7a1
commit 550ab441c5
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cmd/serve/httplib/httplib.go
View file

@ -150,6 +150,11 @@ func NewServer(handler http.Handler, opt *Options) *Server {
authenticator := auth.NewBasicAuthenticator(s.Opt.Realm, secretProvider) authenticator := auth.NewBasicAuthenticator(s.Opt.Realm, secretProvider)
oldHandler := handler oldHandler := handler
handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// No auth wanted for OPTIONS method
if r.Method == "OPTIONS" {
oldHandler.ServeHTTP(w, r)
return
}
if username := authenticator.CheckAuth(r); username == "" { if username := authenticator.CheckAuth(r); username == "" {
authHeader := r.Header.Get(authenticator.Headers.V().Authorization) authHeader := r.Header.Get(authenticator.Headers.V().Authorization)
if authHeader != "" { if authHeader != "" {