diff --git a/src/NzbDrone.Api/Authentication/EnableStatelessAuthInNancy.cs b/src/NzbDrone.Api/Authentication/EnableStatelessAuthInNancy.cs index 1bcb8685e..a7aae870d 100644 --- a/src/NzbDrone.Api/Authentication/EnableStatelessAuthInNancy.cs +++ b/src/NzbDrone.Api/Authentication/EnableStatelessAuthInNancy.cs @@ -5,7 +5,6 @@ using Nancy.Bootstrapper; using NzbDrone.Api.Extensions; using NzbDrone.Api.Extensions.Pipelines; using NzbDrone.Common; -using NzbDrone.Common.EnvironmentInfo; using NzbDrone.Core.Configuration; namespace NzbDrone.Api.Authentication @@ -28,9 +27,7 @@ namespace NzbDrone.Api.Authentication { Response response = null; - var authorizationHeader = context.Request.Headers.Authorization; - var apiKeyHeader = context.Request.Headers["X-Api-Key"].FirstOrDefault(); - var apiKey = apiKeyHeader.IsNullOrWhiteSpace() ? authorizationHeader : apiKeyHeader; + var apiKey = GetApiKey(context); if (context.Request.IsApiRequest() && !ValidApiKey(apiKey)) { @@ -46,5 +43,23 @@ namespace NzbDrone.Api.Authentication return true; } + + private string GetApiKey(NancyContext context) + { + var apiKeyHeader = context.Request.Headers["X-Api-Key"].FirstOrDefault(); + var apiKeyQueryString = context.Request.Query["ApiKey"]; + + if (!apiKeyHeader.IsNullOrWhiteSpace()) + { + return apiKeyHeader; + } + + if (apiKeyQueryString.HasValue) + { + return apiKeyQueryString.Value; + } + + return context.Request.Headers.Authorization; + } } } \ No newline at end of file