This patch makes it possible to pass the PVETicket inside the HTTP Authorization header as second option to the traditional cookie approach. Cookies can only be set by using the browser apis e.g. document.cookie, a client is not allowed to set a cookie header on a request object manually as long as it is in a browser context. To simplfy this you can now pass the received ticket inside the Authorization header on subsequent requests which should work regardless of the context. This should as well free anyone to think about how the browser handles the cookie, e.g. session restore etc.
The new "extract_ticket_from_auth_header" is almost identical to the old one. The only difference for now is a space instead of "=" between the type and the actual token, because this is the common way when using the Authorization header AFAIK. Tim Marx (1): allow ticket in auth header as fallback PVE/APIServer/AnyEvent.pm | 5 +++++ PVE/APIServer/Formatter.pm | 12 ++++++++++++ 2 files changed, 17 insertions(+) manager: PVE/Service/pveproxy.pm | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel