Commit e0039701 authored by Diego Molteni's avatar Diego Molteni
Browse files

Merge branch 'slb/dm3/fix-auth-imptoken' into 'master'

fix: removed authorization requirements for imptoken refresh (obsolete)

See merge request !133
parents 2bfdf27d 50bafddd
Pipeline #49785 failed with stages
in 10 minutes and 53 seconds
......@@ -109,9 +109,13 @@ export class Server {
req.headers.authorization = req.get('slb-on-behalf-of');
}
// ensure the authorization header is passed
// ensure the authorization header is passed/
// the imptoken refresh method is now obsolete because was not secured.
// the imptoken endpoints are not enabled in any CSP but temporarily used in SLB only.
// the imptoken endpoints have been marked as obsoleted and will be deprecated with the
// next service upgrade (v3>v4)
if (!req.headers.authorization) {
if(!req.url.endsWith('svcstatus')) {
if(!((req.method === 'PUT' && req.url.endsWith('imptoken')) || req.url.endsWith('svcstatus'))) {
Response.writeError(res, Error.make(
Error.Status.UNAUTHENTICATED,
'Unauthenticated Access. Authorizations not found in the request.'));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment