• Iustin Pop's avatar
    Fix HTTP server library handling of credentials · 81b59aaf
    Iustin Pop authored
    Currently the http library only checks credentials when authentication
    is required. This means that any credentials are accepted on the root
    resource, for example, which makes problems hard to diagnose - the
    user/pw works for all queries, until one tries to do a modification at
    which point fails.
    This patch changes the PreHandleRequest() function to not ignore
    credentials when passed, even if we don't require authentication. This
    makes the behavior of RAPI more predictable.
    Signed-off-by: default avatarIustin Pop <iustin@google.com>
    Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
auth.py 6.77 KB