Add a way to use a JWT in an HTTP only cookie

If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie.
author: jerebear12 <72420925+jerebear12@users.noreply.github.com> 2023-12-04 14:02:45 -0600
committer: Chris Lu <chrislusf@users.noreply.github.com> 2023-12-05 08:57:01 -0800
commit: d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d (patch)
tree: ff2e6dcef8e43190ce51aaac00a475cadb81e61e /weed/security/jwt.go
parent: 4aeca48b6dd8aba229b10f65b13d81df0e4e387e (diff)
download: seaweedfs-d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d.tar.xz
seaweedfs-d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/weed/security/jwt.go b/weed/security/jwt.go
index 446c3c21d..d859e9ea8 100644
--- a/weed/security/jwt.go
+++ b/weed/security/jwt.go
@@ -83,6 +83,14 @@ func GetJwt(r *http.Request) EncodedJwt {
 		}
 	}
 
+	// Get token from http only cookie
+	if tokenStr == "" {
+		token, err := r.Cookie("AT")
+		if err == nil {
+			tokenStr = token.Value
+		}
+	}
+
 	return EncodedJwt(tokenStr)
 }
author	jerebear12 <72420925+jerebear12@users.noreply.github.com>	2023-12-04 14:02:45 -0600
committer	Chris Lu <chrislusf@users.noreply.github.com>	2023-12-05 08:57:01 -0800
commit	d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d (patch)
tree	ff2e6dcef8e43190ce51aaac00a475cadb81e61e /weed/security/jwt.go
parent	4aeca48b6dd8aba229b10f65b13d81df0e4e387e (diff)
download	seaweedfs-d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d.tar.xz seaweedfs-d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d.zip