Mercurial > hg > orthanc-authorization
diff Plugin/Plugin.cpp @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 15 Mar 2023 16:36:42 +0100 |
parents | d301047ee3c4 |
children | fac45493d547 |
line wrap: on
line diff
--- a/Plugin/Plugin.cpp Thu Mar 09 14:37:52 2023 +0100 +++ b/Plugin/Plugin.cpp Wed Mar 15 16:36:42 2023 +0100 @@ -745,7 +745,6 @@ { uncheckedFolders_.push_back("/stone-webviewer/"); uncheckedResources_.insert("/system"); // for Stone to check that Orthanc is the server providing the data - uncheckedResources_.insert("/tools/lookup"); // for Downloads (we consider that having access to tools/lookup can not give information about other patients/studies since it only return IDs, no patient data) tokens_.insert(OrthancPlugins::Token(OrthancPlugins::TokenType_HttpHeader, "Authorization")); }