orthanc: OrthancExplorer/explorer.js comparison

comparison OrthancExplorer/explorer.js @ 3510:1a65beb5e52f

allow only 'token', 'auth-token' and 'authorization' as url params that are included in HTTP headers

author	Alain Mazy <alain@mazy.be>
date	Tue, 03 Sep 2019 10:33:26 +0200
parents	5405d51e040d
children	2090ec6a83a5

comparison

equal deleted inserted replaced

-:5405d51e040d
+:1a65beb5e52f
 {
 Refresh();
 }
 });
-var GetUrlParametersAsDict = function getUrlParametersAsDict(sParam) {
+function GetAuthorizationTokensFromUrl() {
 var urlVariables = window.location.search.substring(1).split('&');
 var dict = {};
 for (var i = 0; i < urlVariables.length; i++) {
 var split = urlVariables[i].split('=');
-if (split.length == 2) {
+if (split.length == 2 && (split[0] == "token" || split[0] == "auth-token" || split[0] == "authorization")) {
 dict[split[0]] = split[1];
 }
 }
 return dict;
 };
-var initSearchParams = GetUrlParametersAsDict();
+var authorizationTokens = GetAuthorizationTokensFromUrl();
-/* Copy all url search parameters into HTTP headers in every request to the Rest API.
+/* Copy the authoziation toekn from the url search parameters into HTTP headers in every request to the Rest API.
 Thanks to this behaviour, you may specify a ?token=xxx in your url and this will be passed
 as the "token" header in every request to the API allowing you to use the authorization plugin */
 $.ajaxSetup(
 {
-headers : initSearchParams
+headers : authorizationTokens
 }
 );
 function SplitLongUid(s)