11453: Check HTTP method of token validation request.

author Tom Clegg <tclegg@veritasgenetics.com>

Fri, 24 Nov 2017 17:18:11 +0000 (12:18 -0500)

committer Tom Clegg <tclegg@veritasgenetics.com>

Fri, 24 Nov 2017 17:18:11 +0000 (12:18 -0500)
author Tom Clegg <tclegg@veritasgenetics.com>
Fri, 24 Nov 2017 17:18:11 +0000 (12:18 -0500)
committer Tom Clegg <tclegg@veritasgenetics.com>
Fri, 24 Nov 2017 17:18:11 +0000 (12:18 -0500)
diff --git a/services/api/app/middlewares/arvados_api_token.rb b/services/api/app/middlewares/arvados_api_token.rb

index 3d680cbfb93578d28dd7e3dbc3706d769e1e7742..105b00faa4dc4d108737949381f9f5c40d8c17ca 100644 (file)
--- a/services/api/app/middlewares/arvados_api_token.rb
+++ b/services/api/app/middlewares/arvados_api_token.rb
@@ -26,7 +26,7 @@ class ArvadosApiToken
        env["HTTP_AUTHORIZATION"].andand.
          match(/(OAuth2|Bearer) ([-\/a-zA-Z0-9]+)/).andand[2]
  
-    if params[:remote] && (
+    if params[:remote] && request.get? && (
           request.path.start_with?('/arvados/v1/groups') ||
           request.path.start_with?('/arvados/v1/users/current'))
        # Request from a remote API server, asking to validate a salted
author	Tom Clegg <tclegg@veritasgenetics.com>
	Fri, 24 Nov 2017 17:18:11 +0000 (12:18 -0500)
committer	Tom Clegg <tclegg@veritasgenetics.com>
	Fri, 24 Nov 2017 17:18:11 +0000 (12:18 -0500)