API calls authorized with HTTP header

This mod allows API calls to be authorized with HTTP header when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without it user authenticated by reverse proxy is able to access gitea UI but not API which is inconsistent. Author-Change-Id: IB#1107572
Chianina · Mar 18, 2021 · dc952c0 · dc952c0
1 parent 0a23079
commit dc952c0
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {
 			return
 		}
 		if ctx.IsSigned {
+			// Don't require token if already authenticated by reverse proxy.
+			if setting.Service.EnableReverseProxyAuth {
+				return
+			}
 			ctx.RequireCSRF()
 			return
 		}