diff options
author | Jo-Philipp Wich <jo@mein.io> | 2020-01-07 09:08:49 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2020-01-07 09:10:19 +0100 |
commit | 38c9c9e0a2564b9644a56f1143f6acf0c9e272c8 (patch) | |
tree | 4556a887f52bf8d907be54776d4faa3d9e0644a8 /modules/luci-base | |
parent | 4b22060823d5f1ef94c4c439afad3e5c79eb71bc (diff) |
luci-base: dispatcher: fix rpc controller regression
When testing the luci-rpc authnetication, avoid clobbering the HTTP
post request body.
Fixes: #3470
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base')
-rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index d4293422b5..8dac8d6b6e 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -305,7 +305,7 @@ local function tree_to_json(node, json) elseif subname == "rpc" and subnode.module == "luci.controller.rpc" then spec.auth = { login = false, - methods = { "param:auth", "cookie:sysauth" } + methods = { "query:auth", "cookie:sysauth" } } elseif subnode.module == "luci.controller.admin.uci" then spec.auth = { @@ -546,6 +546,8 @@ local function check_authentication(method) sid = http.getcookie(auth_param) elseif auth_type == "param" then sid = http.formvalue(auth_param) + elseif auth_type == "query" then + sid = http.formvalue(auth_param, true) end return session_retrieve(sid) |