Moving UI API key authentication to X-Api-Key header.

2020-08-23 21:10:59 -04:00 · 2020-08-23 21:10:59 -04:00 · bb38d5397c
parent 138af20bb6
commit bb38d5397c
2 changed files with 5 additions and 9 deletions
--- a/bazarr/api.py
+++ b/bazarr/api.py
@ -54,8 +54,11 @@ def authenticate(actual_method):
        apikey_settings = settings.auth.apikey
        apikey_get = request.args.get('apikey')
        apikey_post = request.form.get('apikey')
+        apikey_header = None
+        if 'X-Api-Key' in request.headers:
+            apikey_header = request.headers['X-Api-Key']

-        if apikey_settings in [apikey_get, apikey_post]:
+        if apikey_settings in [apikey_get, apikey_post, apikey_header]:
            return actual_method(*args, **kwargs)

        return abort(401, message="Unauthorized")
--- a/views/_main.html
+++ b/views/_main.html
@ -495,14 +495,7 @@

        // Add apikey to all AJAX requests.
        $.ajaxSetup({
-            data: {
-                apikey: "{{ settings.auth.apikey }}"
-            }
-        });
-        $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
-            if (originalOptions.data instanceof FormData) {
-                originalOptions.data.append("apikey", "{{ settings.auth.apikey }}");
-            }
+            headers: { 'X-Api-Key': "{{ settings.auth.apikey }}" }
        });

        $(window).on('beforeunload', function () {