Vote #79362

Open

Could the REST API be used in the plugin with auth again?

Added by Admin Redmine about 2 years ago. Updated about 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: REST API_32
Target version: -
Start date: 2022/05/09
Due date:
% Done: 0%
Estimated time:
category_id: 32
version_id: 0
issue_org_id: 28967
author_id: 163890
assigned_to_id: 0
comments: 3
status_id: 1
tracker_id: 1
plus1: 0
affected_version:
closed_on:
affected_version_id:
Status-->[New]

Description

I wrote a plugin.
When I use $.ajax to access some REST API in the plugin, a login dialog is shown even if I have already logged in with Redmine web.
Could there be a way for the REST API to use the current user auth?


journals

without
--------------------------------------------------------------------------------
I have the same issue, where basically any ajax call from a logged in user asking for json or xml format requires a separate authentication (e.g. /issues.json), but any other format does not (e.g. /issues).

I can see this is due to this commit: https://github.com/redmine/redmine/commit/ed165f671620409c39830a7d8326d37c27ea2fc1
Is there a security reason to that?
--------------------------------------------------------------------------------
Stephane Evr wrote:
> I have the same issue, where basically any ajax call from a logged in user asking for json or xml format requires a separate authentication (e.g. /issues.json), but any other format does not (e.g. /issues).
>
> I can see this is due to this commit: https://github.com/redmine/redmine/commit/ed165f671620409c39830a7d8326d37c27ea2fc1
> Is there a security reason to that?

In my opinion, as long as the Ajax request contains Session Token + CSRF Token, there should not be any problem, no? And if no CSRF token is present, fall back to the API auth mechanism.
--------------------------------------------------------------------------------

Updated by Admin Redmine about 2 years ago

  • Category set to REST API_32
