author | lorchard@mozilla.com <lorchard@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2009-06-10 15:02:31 (GMT) |
---|---|---|
committer | lorchard@mozilla.com <lorchard@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2009-06-10 15:02:31 (GMT) |
commit | 6c4d4c07d293fc5322e1ada67dcae5b61159c274 (patch) | |
tree | 669312cef50beaea5974d1f438d6e2acd70d77d1 | |
parent | a9b7187cdefa85529850dc3a5fc62a69627efb7d (diff) |
bug 496612: quick tweaks to collections API auth, r=wenzel
git-svn-id: http://svn.mozilla.org/addons/trunk@27457 4eb1ac78-321c-0410-a911-ec516a8615a5
-rw-r--r-- | site/app/controllers/sharing_api_controller.php | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/site/app/controllers/sharing_api_controller.php b/site/app/controllers/sharing_api_controller.php index 5832401..0f7713d 100644 --- a/site/app/controllers/sharing_api_controller.php +++ b/site/app/controllers/sharing_api_controller.php @@ -87,10 +87,11 @@ class SharingApiController extends AppController const STATUS_UNSUPPORTED_MEDIA = '415 Unsupported Media Type'; const STATUS_ERROR = '500 Internal Server Error'; - var $cache_lifetime = 10; // 10 seconds + var $cache_lifetime = 0; // 0 seconds function forceCache() { header('Cache-Control: public, max-age=' . $this->cache_lifetime); + header('Vary: X-API-Auth'); header('Last-Modified: ' . gmdate("D, j M Y H:i:s", $this->last_modified) . " GMT"); header('Expires: ' . gmdate("D, j M Y H:i:s", $this->last_modified + $this->cache_lifetime) . " GMT"); } @@ -1400,17 +1401,14 @@ class SharingApiController extends AppController function getAuthUser() { $auth_user = null; + // 1: Check an auth header token if (null == $auth_user && !empty($_SERVER['HTTP_X_API_AUTH'])) { // Try accepting an API auth token in a header. $token = $_SERVER['HTTP_X_API_AUTH']; $auth_user = $this->ApiAuthToken->getUserForAuthToken($token); } - if (null == $auth_user && $this->Session->check('User')) { - // Try grabbing the user from a logged in session. - $auth_user = $this->Session->read('User'); - } - + // 2: Check HTTP basic auth if (null == $auth_user && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { |
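Review bot: The new `Vary: X-API-Auth` in forceCache() does not cover the other credential this controller accepts: getAuthUser() also reads `PHP_AUTH_USER`/`PHP_AUTH_PW`, which arrive in the `Authorization` header, and the response is still marked `Cache-Control: public`. `public` explicitly lets shared caches store responses to requests that carry `Authorization`, so if forceCache() is called for per-user responses (not visible in this hunk), a proxy could hold one caller's response under a key that ignores basic-auth credentials. `max-age=0` forces revalidation but does not prevent storage. I would emit `header('Cache-Control: private, max-age=' . $this->cache_lifetime);` and `header('Vary: X-API-Auth, Authorization');`, or use `no-store` for responses that must never be retained. The `// 0 seconds` comment could also say why caching is effectively switched off.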
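Review bot: getAuthUser() has no comment recording that session-cookie authentication is deliberately excluded, so the numbered steps do not tell a later maintainer that re-adding the session branch would be a regression. Presumably it was dropped so that API requests cannot be authenticated by an ambient browser cookie (cross-site request forgery exposure); if so, state it above step 1, e.g. `// Session cookies are intentionally not accepted: callers must send X-API-Auth or HTTP basic credentials.` It is also worth documenting that a non-empty but unrecognised `X-API-Auth` token is not rejected and falls through to step 2, assuming getUserForAuthToken() returns null on a miss. The function body continues past the end of the hunk.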