mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
MM-52655 Allow plugin requests to include Authorization headers from external systems (#24391)
* remove the authorization header if the request is from an authenticated MM user * fix lint Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com> --------- Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com> Co-authored-by: Mattermost Build <build@mattermost.com>
This commit is contained in:
KyeongSoo Kim
GitHub
parent
5e94af1302
commit
e1f72576fb
@ -208,6 +208,8 @@ func (ch *Channels) servePluginRequest(w http.ResponseWriter, r *http.Request, h
|
|||||||
if (session != nil && session.Id != "") && err == nil && csrfCheckPassed {
|
if (session != nil && session.Id != "") && err == nil && csrfCheckPassed {
|
||||||
r.Header.Set("Mattermost-User-Id", session.UserId)
|
r.Header.Set("Mattermost-User-Id", session.UserId)
|
||||||
context.SessionId = session.Id
|
context.SessionId = session.Id
|
||||||
|
|
||||||
|
r.Header.Del(model.HeaderAuth)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -218,7 +220,6 @@ func (ch *Channels) servePluginRequest(w http.ResponseWriter, r *http.Request, h
|
|||||||
r.AddCookie(c)
|
r.AddCookie(c)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
r.Header.Del(model.HeaderAuth)
|
|
||||||
r.Header.Del("Referer")
|
r.Header.Del("Referer")
|
||||||
|
|
||||||
params := mux.Vars(r)
|
params := mux.Vars(r)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user