Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Fixes request #33314: Headers missing on preflight requests on tus server endpoint

Download Browse

The unnecessary check regarding the fact the user is logged in or not has been removed from the FileUploadController. Doing it at this level is problematic because we cannot deal with preflight requests as they do not come with the authentication information. In any cases the responsability of checking if a user can or cannot do something is the responsability of the implementations of \Tuleap\Tus\TusDataStore as it is ultimately dependant of the local rules. To test, do an OPTIONS request with curl (or the tool of your liking) to a tus server endpoint (e.g. `/uploads/tracker/file/1`). You should get a 204 with the proper access-control headers set. Change-Id: If66abeebeff80a8946f781efe5c8e839539f6543

+2 −26
Thomas Gerbet (tgerbet) 2023-07-18 11:57
Thomas Gerbet (tgerbet) 2023-07-18 11:57
16422df186d10f4b87337db71a0ac011b2f640da
884ac9b8e69f0fa8211de2f452a2b2694529ca9e
git #tuleap/stable/16422df186d10f4b87337db71a0ac011b2f640da

Modified Files

Side by side diff
Inline diff
Name
M src/common/Upload/FileUploadController.php +2 −26 Go to diff View file