X-SCM-Session-ID and X-SCM-Client could now be send via query parameter

The use of query parameters is required for SSE, because the standard does not support header. This works currently only for GET request to avoid parsing of request body.
2026-03-02 02:10:53 +01:00 · 2020-03-20 11:10:05 +01:00
parent c34d76d318
commit f8f5aa2ebd
10 changed files with 145 additions and 59 deletions
--- a/scm-webapp/src/main/java/sonia/scm/web/CookieBearerWebTokenGenerator.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/CookieBearerWebTokenGenerator.java
@@ -40,6 +40,8 @@ import sonia.scm.security.BearerToken;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+
+import sonia.scm.security.SessionId;
 import sonia.scm.util.HttpUtil;

 /**
@@ -62,19 +64,14 @@ public class CookieBearerWebTokenGenerator implements WebTokenGenerator
   * @return {@link BearerToken} or {@code null}
   */
  @Override
-  public BearerToken createToken(HttpServletRequest request)
-  {
+  public BearerToken createToken(HttpServletRequest request) {
    BearerToken token = null;
    Cookie[] cookies = request.getCookies();

-    if (cookies != null)
-    {
-      for (Cookie cookie : cookies)
-      {
-        if (HttpUtil.COOKIE_BEARER_AUTHENTICATION.equals(cookie.getName()))
-        {
-          String sessionId = HttpUtil.getHeader(request, HttpUtil.HEADER_SCM_SESSION, null);
-          token = BearerToken.create(sessionId, cookie.getValue());
+    if (cookies != null) {
+      for (Cookie cookie : cookies) {
+        if (HttpUtil.COOKIE_BEARER_AUTHENTICATION.equals(cookie.getName())) {
+          token = BearerToken.create(SessionId.from(request).orElse(null), cookie.getValue());

          break;
        }