From bb38d5397cbc94e53a8aa6ff3f1a7e59639cdfcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Louis=20V=C3=A9zina?= <5130500+morpheus65535@users.noreply.github.com>
Date: Sun, 23 Aug 2020 21:10:59 -0400
Subject: [PATCH] Moving UI API key authentication to X-Api-Key header.

---
 bazarr/api.py | 5 ++++-
 views/_main.html | 9 +--------
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/bazarr/api.py b/bazarr/api.py
index a40fd6e3a..9db482869 100644
--- a/bazarr/api.py
+++ b/bazarr/api.py
@@ -54,8 +54,11 @@ def authenticate(actual_method):
 apikey_settings = settings.auth.apikey
 apikey_get = request.args.get('apikey')
 apikey_post = request.form.get('apikey')
+ apikey_header = None
+ if 'X-Api-Key' in request.headers:
+ apikey_header = request.headers['X-Api-Key']

- if apikey_settings in [apikey_get, apikey_post]:
+ if apikey_settings in [apikey_get, apikey_post, apikey_header]:
 return actual_method(*args, **kwargs)

 return abort(401, message="Unauthorized")
diff --git a/views/_main.html b/views/_main.html
index 014a4dfa4..adb4eec35 100644
--- a/views/_main.html
+++ b/views/_main.html
@@ -495,14 +495,7 @@

 // Add apikey to all AJAX requests.
 $.ajaxSetup({
- data: {
- apikey: "{{ settings.auth.apikey }}"
- }
- });
- $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
- if (originalOptions.data instanceof FormData) {
- originalOptions.data.append("apikey", "{{ settings.auth.apikey }}");
- }
+ headers: { 'X-Api-Key': "{{ settings.auth.apikey }}" }
 });

 $(window).on('beforeunload', function () {
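Review bot: The membership test `apikey_settings in [apikey_get, apikey_post, apikey_header]` lets a request with no key at all through whenever `settings.auth.apikey` is None, because all three lookups then return None. Whether the setting can be unset is not visible in this hunk, so an empty configured key should be rejected explicitly. The `in` test also compares with `==`, which is not constant-time; I would use `supplied = [k for k in (apikey_get, apikey_post, apikey_header) if k]` and then `if apikey_settings and any(hmac.compare_digest(apikey_settings.encode(), k.encode()) for k in supplied):`, which needs `import hmac`. The three added lines can be written as `apikey_header = request.headers.get('X-Api-Key')`, and since the query-string `apikey` is still accepted, keys sent that way can still land in access logs and Referer headers. The wrapper inside `authenticate` starts above the hunk.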
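Review bot: Setting `headers` in `$.ajaxSetup` attaches `X-Api-Key` to every jQuery request the page makes, including any cross-origin one, so the key would be sent to a third-party host if the UI ever calls one through `$.ajax`. Whether it does is not visible in this hunk. Scoping the header to same-origin requests closes that, for example `$.ajaxPrefilter(function (options, originalOptions, jqXHR) { if (!options.crossDomain) { jqXHR.setRequestHeader('X-Api-Key', "{{ settings.auth.apikey }}"); } });`. Separately, `{{ settings.auth.apikey }}` is rendered inside a JavaScript string literal, where HTML autoescaping (if the template engine applies it) is not the right encoding; emitting the value through the engine's JSON/JS-string filter would be safer if the key can ever contain quotes or backslashes.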