4e879fed90
## Changes - Add deprecation warning to `Token` and `AccessToken` authentication methods in swagger. - Add deprecation warning header to API response. Example: ``` HTTP/1.1 200 OK ... Warning: token and access_token API authentication is deprecated ... ``` - Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth tokens entirely. Default is `false` ## Next steps - `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and the methods should be removed in swagger - `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of the auth methods in question should be removed ## Open questions - Should there be further changes to the swagger documentation? Deprecation is not yet supported for security definitions (coming in [OpenAPI Spec version 3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506)) - Should the API router logger sanitize urls that use `token` or `access_token`? (This is obviously an insufficient solution on its own) --------- Co-authored-by: delvh <dev.lh@web.de> |
||
---|---|---|
.. | ||
config | ||
actions.go | ||
actions_test.go | ||
admin.go | ||
api.go | ||
asset_dynamic.go | ||
asset_static.go | ||
attachment.go | ||
attachment_test.go | ||
cache.go | ||
camo.go | ||
config.go | ||
config_env.go | ||
config_env_test.go | ||
config_provider.go | ||
config_provider_test.go | ||
cors.go | ||
cron.go | ||
cron_test.go | ||
database.go | ||
database_sqlite.go | ||
database_test.go | ||
federation.go | ||
git.go | ||
git_test.go | ||
highlight.go | ||
i18n.go | ||
incoming_email.go | ||
indexer.go | ||
indexer_test.go | ||
lfs.go | ||
lfs_test.go | ||
log.go | ||
log_test.go | ||
mailer.go | ||
mailer_test.go | ||
markup.go | ||
metrics.go | ||
migrations.go | ||
mime_type_map.go | ||
mirror.go | ||
oauth2.go | ||
other.go | ||
packages.go | ||
packages_test.go | ||
path.go | ||
path_test.go | ||
picture.go | ||
project.go | ||
proxy.go | ||
queue.go | ||
repository.go | ||
repository_archive.go | ||
repository_archive_test.go | ||
security.go | ||
server.go | ||
service.go | ||
service_test.go | ||
session.go | ||
setting.go | ||
setting_test.go | ||
ssh.go | ||
storage.go | ||
storage_test.go | ||
task.go | ||
time.go | ||
ui.go | ||
webhook.go |