diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-08-17 10:46:15 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-08-17 10:46:15 +0000 |
commit | 0d479e33a8ebe206dc5b62135f90880e54b6c117 (patch) | |
tree | 272c5ddc92ae1e568e6df554e94894ee66a2dfd1 /web/api/web_api_v2.c | |
parent | Releasing debian version 1.42.0-1. (diff) | |
download | netdata-0d479e33a8ebe206dc5b62135f90880e54b6c117.tar.xz netdata-0d479e33a8ebe206dc5b62135f90880e54b6c117.zip |
Merging upstream version 1.42.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'web/api/web_api_v2.c')
-rw-r--r-- | web/api/web_api_v2.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/web/api/web_api_v2.c b/web/api/web_api_v2.c index 850282121..e288a5c6b 100644 --- a/web/api/web_api_v2.c +++ b/web/api/web_api_v2.c @@ -53,16 +53,27 @@ static time_t bearer_get_token(uuid_t *uuid) { } #define HTTP_REQUEST_AUTHORIZATION_BEARER "\r\nAuthorization: Bearer " +#define HTTP_REQUEST_X_NETDATA_AUTH_BEARER "\r\nX-Netdata-Auth: Bearer " BEARER_STATUS extract_bearer_token_from_request(struct web_client *w, char *dst, size_t dst_len) { const char *req = buffer_tostring(w->response.data); size_t req_len = buffer_strlen(w->response.data); - const char *bearer = strcasestr(req, HTTP_REQUEST_AUTHORIZATION_BEARER); + const char *bearer = NULL; + const char *bearer_end = NULL; + + bearer = strcasestr(req, HTTP_REQUEST_X_NETDATA_AUTH_BEARER); + if(bearer) + bearer_end = bearer + sizeof(HTTP_REQUEST_X_NETDATA_AUTH_BEARER) - 1; + else { + bearer = strcasestr(req, HTTP_REQUEST_AUTHORIZATION_BEARER); + if(bearer) + bearer_end = bearer + sizeof(HTTP_REQUEST_AUTHORIZATION_BEARER) - 1; + } - if(!bearer) + if(!bearer || !bearer_end) return BEARER_STATUS_NO_BEARER_IN_HEADERS; - const char *token_start = bearer + sizeof(HTTP_REQUEST_AUTHORIZATION_BEARER) - 1; + const char *token_start = bearer_end; while(isspace(*token_start)) token_start++; |