projects / arvados.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a6a840) | patch
12216: Allow Authorization header in cross-origin requests.
authorTom Clegg <tclegg@veritasgenetics.com>
Mon, 16 Oct 2017 18:03:30 +0000 (14:03 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Mon, 16 Oct 2017 18:03:30 +0000 (14:03 -0400)
commit337de2e3dfeacc5054cb644513be61f5d35585ae
tree3ed13762dbc7f27bc2e87d2173d36517573fdaebtree | snapshot
parent1a6a840d3bad6c28d8fa4c04a7610fbb8bf8423fcommit | diff
12216: Allow Authorization header in cross-origin requests.

This allows browser-based applications to send tokens in Authorization
headers. This is the only token-passing mechanism that neither exposes
the token inappropriately in proxy/server logs nor interferes with
webdav's use of request bodies.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>
services/keep-web/handler.go diff | blob | history
services/keep-web/handler_test.go diff | blob | history