perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix STGUIAPIKEY and STGUIADDR overrides (fixes #2335)

Browse Source 
Also removes STGUIAUTH and corresponding --gui-authentication as this
seems fundamentally insecure and I'm unsure of the actual use case for
it?
This commit is contained in:
Jakob Borg
2015-09-30 09:32:17 +02:00
parent 6f6c1cd330
commit 15716a0772
3 changed files with 73 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/syncthing/gui_auth.go
View File

@@ -25,7 +25,6 @@ var (
)
func basicAuthAndSessionMiddleware(cookieName string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if cfg.APIKey != "" && r.Header.Get("X-API-Key") == cfg.APIKey {
next.ServeHTTP(w, r)