luci-base: dispatcher: fix rpc controller regression

When testing the luci-rpc authnetication, avoid clobbering the HTTP post request body. Fixes: #3470 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich <jo@mein.io> 2020-01-07 09:08:49 +0100
committer: Jo-Philipp Wich <jo@mein.io> 2020-01-07 09:10:19 +0100
commit: 38c9c9e0a2564b9644a56f1143f6acf0c9e272c8 (patch)
tree: 4556a887f52bf8d907be54776d4faa3d9e0644a8
parent: 4b22060823d5f1ef94c4c439afad3e5c79eb71bc (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index d4293422b..8dac8d6b6 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -305,7 +305,7 @@ local function tree_to_json(node, json)
 				elseif subname == "rpc" and subnode.module == "luci.controller.rpc" then
 					spec.auth = {
 						login = false,
-						methods = { "param:auth", "cookie:sysauth" }
+						methods = { "query:auth", "cookie:sysauth" }
 					}
 				elseif subnode.module == "luci.controller.admin.uci" then
 					spec.auth = {
@@ -546,6 +546,8 @@ local function check_authentication(method)
 		sid = http.getcookie(auth_param)
 	elseif auth_type == "param" then
 		sid = http.formvalue(auth_param)
+	elseif auth_type == "query" then
+		sid = http.formvalue(auth_param, true)
 	end
 
 	return session_retrieve(sid)
author	Jo-Philipp Wich <jo@mein.io>	2020-01-07 09:08:49 +0100
committer	Jo-Philipp Wich <jo@mein.io>	2020-01-07 09:10:19 +0100
commit	38c9c9e0a2564b9644a56f1143f6acf0c9e272c8 (patch)
tree	4556a887f52bf8d907be54776d4faa3d9e0644a8
parent	4b22060823d5f1ef94c4c439afad3e5c79eb71bc (diff)