changeset 3510:1a65beb5e52f

allow only 'token', 'auth-token' and 'authorization' as url params that are included in HTTP headers
author Alain Mazy <alain@mazy.be>
date Tue, 03 Sep 2019 10:33:26 +0200
parents 5405d51e040d
children 6b61ba835964
files OrthancExplorer/explorer.js
diffstat 1 files changed, 5 insertions(+), 5 deletions(-) [+]
--- a/OrthancExplorer/explorer.js	Tue Sep 03 09:49:10 2019 +0200
+++ b/OrthancExplorer/explorer.js	Tue Sep 03 10:33:26 2019 +0200
@@ -91,28 +91,28 @@
   }
 });
 
-var GetUrlParametersAsDict = function getUrlParametersAsDict(sParam) {
+function GetAuthorizationTokensFromUrl() {
   var urlVariables = window.location.search.substring(1).split('&');
   var dict = {};
 
   for (var i = 0; i < urlVariables.length; i++) {
       var split = urlVariables[i].split('=');
 
-      if (split.length == 2) {
+      if (split.length == 2 && (split[0] == "token" || split[0] == "auth-token" || split[0] == "authorization")) {
         dict[split[0]] = split[1];
       }
   }
   return dict;
 };
 
-var initSearchParams = GetUrlParametersAsDict();
+var authorizationTokens = GetAuthorizationTokensFromUrl();
 
-/* Copy all url search parameters into HTTP headers in every request to the Rest API.  
+/* Copy the authoziation toekn from the url search parameters into HTTP headers in every request to the Rest API.  
 Thanks to this behaviour, you may specify a ?token=xxx in your url and this will be passed 
 as the "token" header in every request to the API allowing you to use the authorization plugin */
 $.ajaxSetup(
   {
-    headers : initSearchParams
+    headers : authorizationTokens
   }
 );
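Review bot: The `split.length == 2` test on the added condition line silently drops any accepted parameter whose value contains `=` (base64 padding, for instance), and `split[1]` is copied into the header without `decodeURIComponent`, so a percent-encoded value such as an `authorization` value containing a space reaches the REST API still encoded. Splitting on the first `=` only and decoding the value would address both: `var pos = urlVariables[i].indexOf('=');`, `var name = urlVariables[i].substring(0, pos);`, `var value = decodeURIComponent(urlVariables[i].substring(pos + 1));`. The new comment has typos (`authoziation toekn` should read `authorization token`) and would be more useful if it listed the three accepted names, since the example still mentions only `?token=xxx`. Because the credential stays in the query string, it also persists in browser history and can show up in Referer headers and access logs; it is worth documenting that, or clearing it from the address bar with `history.replaceState` once it has been read.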