middleware: do not emit A2_OPENED_SESSION cookie on API requests (fixes #24407)

2018-06-10 22:27:27 +02:00 · 2018-06-10 22:27:27 +02:00 · ad4b1fe051
parent eb4530adcb
commit ad4b1fe051
1 changed files with 3 additions and 0 deletions
--- a/src/authentic2/middleware.py
+++ b/src/authentic2/middleware.py
@ -104,6 +104,9 @@ class CollectIPMiddleware(object):

 class OpenedSessionCookieMiddleware(object):
    def process_response(self, request, response):
+        # do not emit cookie for API requests
+        if request.path.startswith('/api/'):
+            return response
        if not app_settings.A2_OPENED_SESSION_COOKIE_DOMAIN:
            return response
        name = app_settings.A2_OPENED_SESSION_COOKIE_NAME