View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0025362||mantisbt||api rest||public||2019-01-21 03:09||2019-08-04 00:06|
|Target Version||2.22.0||Fixed in Version||2.22.0|
|Summary||0025362: REST API support for multiple authorization headers|
In my company we use Mantis along with other applications. Our testing infrastructure is behind an nginx proxy with Basic Authentication.
I recently tried to use the REST API in Mantis. While it works well on our production server, I get rejected with an unauthorized error on the testing instance.
After some digging in the code, it looks like the fact that Mantis relies on the "Authorization" header key is a problem. It conflicts with basic authentication, which relies on this key as well. The same header key can't be used twice.
As a temporary workaround, I patched
I would suggest the following changes in the code:
If it sounds good I can provide a PR.
|Steps To Reproduce|
If you run apache, I think this can easily be reproduced using apache and an .htaccess file.
|Tags||No tags attached.|
I'm leaning towards handling multiple authorization headers with same name if that works for @pgiraud
PRs are welcome.
|2019-01-21 03:09||pgiraud||New Issue|
|2019-07-03 11:28||l2m||Note Added: 0062350|
|2019-07-04 20:22||vboctor||Assigned To||=> vboctor|
|2019-07-04 20:22||vboctor||Status||new => assigned|
|2019-07-04 20:31||vboctor||Note Edited: 0062350||View Revisions|
|2019-07-04 20:35||vboctor||Note Added: 0062358|
|2019-07-04 20:43||vboctor||Assigned To||vboctor =>|
|2019-07-04 20:43||vboctor||Status||assigned => acknowledged|
|2019-08-03 17:30||vboctor||Changeset attached||=> MantisBT master 8e84c922|
|2019-08-03 17:30||vboctor||Assigned To||=> vboctor|
|2019-08-03 17:30||vboctor||Status||acknowledged => resolved|
|2019-08-03 17:30||vboctor||Resolution||open => fixed|
|2019-08-03 17:30||vboctor||Fixed in Version||=> 2.22.0|
|2019-08-03 17:30||vboctor||Assigned To||vboctor => community|
|2019-08-03 17:30||vboctor||Target Version||=> 2.22.0|
|2019-08-04 00:06||vboctor||Summary||API_TOKEN conflicts with basic auth => REST API support for multiple authorization headers|