entrouvert
/
modmellon
17
0
Fork 0
Code Issues Pull Requests Releases Activity

Always let access to the metadata endpoint 

There is no reason to block it and when blocked it makes automatising
the metadata exchange using the WKL difficult.
This commit is contained in:
Benjamin Dauvergne 2011-12-09 16:21:31 +01:00
parent 9b10315fa3
commit 6c9abd363a
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
auth_mellon_handler.c
View File

@ -2989,6 +2989,16 @@ int am_check_uid(request_rec *r)
{
am_cache_entry_t *session;
int return_code = HTTP_UNAUTHORIZED;
am_dir_cfg_rec *dir = am_get_dir_cfg(r);
/* Always allow access to [endpoint_path]/metadata
*/
if (strstr(r->uri, dir->endpoint_path) == r->uri) {
char *endpoint = &r->uri[strlen(dir->endpoint_path)];
if (strcmp(endpoint, "metadata") == 0) {
return OK;
}
}
/* check if we are a subrequest. if we are, then just return OK
* without any checking since these cannot be injected (heh). */