opendev/gerrit
Code Issues Proposed changes

Allow additional cookies during xd requests

Browse Source 
Some HTTP servers sitting in front of Gerrit may have additional
authentication demands beyond what Gerrit requires for the xd request
format.  Allow xd requests with additional cookies to support these
servers to authenticate requests and forward to Gerrit.

Change-Id: I11562ab19c052dda5647cccb29265368e45a1159
This commit is contained in:
Shawn Pearce
2017-08-09 07:37:59 -07:00
parent 7cf423d608
commit 1b5b6ab3c8
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
gerrit-httpd/src/main/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
View File

@@ -554,6 +554,7 @@ public class RestApiServlet extends HttpServlet {
}
res.addHeader(VARY, ORIGIN);
res.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
res.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
} else if (!Strings.isNullOrEmpty(origin)) {
// All other requests must be processed, but conditionally set CORS headers.
if (globals.allowOrigin != null) {