API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931

Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2024-01-16 16:17:16 +01:00
parent e5aa76730f
commit c3b9b73d1d
10 changed files with 223 additions and 64 deletions


@@ -18,6 +18,11 @@ func Auth(c *gin.Context, resource acl.Resource, grant acl.Permission) *entity.S
// AuthAny checks if the user is authorized to access a resource with any of the specified permissions
// and returns the session or nil otherwise.
func AuthAny(c *gin.Context, resource acl.Resource, grants acl.Permissions) (s *entity.Session) {
// Prevent CDNs from caching responses that require authentication.
if header.IsCdn(c.Request) {
return entity.SessionStatusForbidden()
}
// Get client IP and auth token from the request headers.
clientIp := ClientIP(c)
authToken := AuthToken(c)
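Review bot: The new guard at the top of AuthAny refuses every request that `header.IsCdn` recognises, but it gives no protection when the detection misses, and nothing in this hunk marks the authenticated response itself as uncacheable. Whatever `IsCdn` keys on is presumably request headers set by the edge (not visible here), so a CDN that does not announce itself still receives session-bearing responses that it may cache; the robust control is to set the cache directive on the response regardless of detection, e.g. `c.Header("Cache-Control", "private, no-store")` before the token is read, with `IsCdn` left as an additional fail-closed check. The early `return entity.SessionStatusForbidden()` also means a deployment fronted by a recognised CDN loses all authenticated API access rather than just cacheability, which deserves a comment stating that this is intended, such as `// Authenticated endpoints must never be served through a caching CDN; refuse rather than risk a cached session response.` The body of AuthAny continues past the end of this hunk, and the hunk header counts one more new line than is shown here, so a line (likely blank) may be missing from this view.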