Mercurial > hg > orthanc
comparison OrthancExplorer/explorer.js @ 3510:1a65beb5e52f
allow only 'token', 'auth-token' and 'authorization' as url params that are included in HTTP headers
author | Alain Mazy <alain@mazy.be> |
---|---|
date | Tue, 03 Sep 2019 10:33:26 +0200 |
parents | 5405d51e040d |
children | 2090ec6a83a5 |
comparison
equal
deleted
inserted
replaced
3509:5405d51e040d | 3510:1a65beb5e52f |
---|---|
89 { | 89 { |
90 Refresh(); | 90 Refresh(); |
91 } | 91 } |
92 }); | 92 }); |
93 | 93 |
94 var GetUrlParametersAsDict = function getUrlParametersAsDict(sParam) { | 94 function GetAuthorizationTokensFromUrl() { |
95 var urlVariables = window.location.search.substring(1).split('&'); | 95 var urlVariables = window.location.search.substring(1).split('&'); |
96 var dict = {}; | 96 var dict = {}; |
97 | 97 |
98 for (var i = 0; i < urlVariables.length; i++) { | 98 for (var i = 0; i < urlVariables.length; i++) { |
99 var split = urlVariables[i].split('='); | 99 var split = urlVariables[i].split('='); |
100 | 100 |
101 if (split.length == 2) { | 101 if (split.length == 2 && (split[0] == "token" || split[0] == "auth-token" || split[0] == "authorization")) { |
102 dict[split[0]] = split[1]; | 102 dict[split[0]] = split[1]; |
103 } | 103 } |
104 } | 104 } |
105 return dict; | 105 return dict; |
106 }; | 106 }; |
107 | 107 |
108 var initSearchParams = GetUrlParametersAsDict(); | 108 var authorizationTokens = GetAuthorizationTokensFromUrl(); |
109 | 109 |
110 /* Copy all url search parameters into HTTP headers in every request to the Rest API. | 110 /* Copy the authoziation toekn from the url search parameters into HTTP headers in every request to the Rest API. |
111 Thanks to this behaviour, you may specify a ?token=xxx in your url and this will be passed | 111 Thanks to this behaviour, you may specify a ?token=xxx in your url and this will be passed |
112 as the "token" header in every request to the API allowing you to use the authorization plugin */ | 112 as the "token" header in every request to the API allowing you to use the authorization plugin */ |
113 $.ajaxSetup( | 113 $.ajaxSetup( |
114 { | 114 { |
115 headers : initSearchParams | 115 headers : authorizationTokens |
116 } | 116 } |
117 ); | 117 ); |
118 | 118 |
119 | 119 |
120 function SplitLongUid(s) | 120 function SplitLongUid(s) |