Commit 50bafddd authored by Diego Molteni's avatar Diego Molteni
Browse files

fixed obsolete imptoken check rule

parent d18e89d7
Pipeline #49684 passed with stages
in 10 minutes and 42 seconds
......@@ -109,9 +109,13 @@ export class Server {
req.headers.authorization = req.get('slb-on-behalf-of');
// ensure the authorization header is passed
// ensure the authorization header is passed/
// the imptoken refresh method is now obsolete because was not secured.
// the imptoken endpoints are not enabled in any CSP but temporarily used in SLB only.
// the imptoken endpoints have been marked as obsoleted and will be deprecated with the
// next service upgrade (v3>v4)
if (!req.headers.authorization) {
if(!req.url.endsWith('svcstatus')) {
if(!((req.method === 'PUT' && req.url.endsWith('imptoken')) || req.url.endsWith('svcstatus'))) {
Response.writeError(res, Error.make(
'Unauthenticated Access. Authorizations not found in the request.'));
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment