Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 15 Mar 2023 16:36:42 +0100 |
parents | d301047ee3c4 |
children | fac45493d547 |
comparison
equal
deleted
inserted
replaced
76:d301047ee3c4 | 77:94a9484d7f8f |
---|---|
743 | 743 |
744 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end()) | 744 if (standardConfigurations.find("stone-webviewer") != standardConfigurations.end()) |
745 { | 745 { |
746 uncheckedFolders_.push_back("/stone-webviewer/"); | 746 uncheckedFolders_.push_back("/stone-webviewer/"); |
747 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data | 747 uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data |
748 uncheckedResources_.insert("/tools/lookup"); // for Downloads (we consider that having access to tools/lookup can not give information about other patients/studies since it only return IDs, no patient data) | |
749 | 748 |
750 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); | 749 tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); |
751 } | 750 } |
752 | 751 |
753 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end()) | 752 if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end()) |