Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Wed, 15 Mar 2023 16:36:42 +0100 |
| parents | d301047ee3c4 |
| children | fac45493d547 |
comparison
equal
deleted
inserted
replaced
| 76:d301047ee3c4 | 77:94a9484d7f8f |
|---|---|
| 743 | 743 |
| 744 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end()) | 744 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end()) |
| 745 { | 745 { |
| 746 uncheckedFolders_.push_back("/stone-webviewer/"); | 746 uncheckedFolders_.push_back("/stone-webviewer/"); |
| 747 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data | 747 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data |
| 748 uncheckedResources_.insert("/tools/lookup"); // for Downloads (we consider that having access to tools/lookup can not give information about other patients/studies since it only return IDs, no patient data) | |
| 749 | 748 |
| 750 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); | 749 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); |
| 751 } | 750 } |
| 752 | 751 |
| 753 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end()) | 752 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end()) |