Mercurial > hg > orthanc-authorization
diff Plugin/AuthorizationWebService.cpp @ 59:a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
author | Alain Mazy <am@osimis.io> |
---|---|
date | Thu, 10 Nov 2022 10:25:01 +0100 |
parents | 317b31e99501 |
children | 5281a859248d |
line wrap: on
line diff
--- a/Plugin/AuthorizationWebService.cpp Wed Nov 09 18:17:03 2022 +0100 +++ b/Plugin/AuthorizationWebService.cpp Thu Nov 10 10:25:01 2022 +0100 @@ -21,6 +21,7 @@ #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" #include <Logging.h> +#include <Toolbox.h> namespace OrthancPlugins { @@ -93,10 +94,16 @@ token->GetType() == TokenType_HttpHeader) { // If the token source is a HTTP header, forward it also as a - // HTTP header - headersKeys[headersCount] = token->GetKey().c_str(); - headersValues[headersCount] = tokenValue.c_str(); - headersCount++; + // HTTP header except if it is the Authorization header that might conflict with username_ and password_ + std::string lowerTokenKey; + Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey()); + + if (!(lowerTokenKey == "authorization" && !username_.empty())) + { + headersKeys[headersCount] = token->GetKey().c_str(); + headersValues[headersCount] = tokenValue.c_str(); + headersCount++; + } } // set the correct content type for the outgoing