diff options
| author | Jakob Borg <jakob@kastelo.net> | 2023-11-14 11:57:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-14 11:57:39 +0100 |
| commit | 439c6c5b7c64eb8f06d2cd4d8f66e27d0e277d2d (patch) | |
| tree | 355e712079d49f8233ca0396cdda9a89a4f242d4 /next-gen-gui | |
| parent | aaee0c126b8aef480489f157eab34bdacaf92499 (diff) | |
| download | syncthing-439c6c5b7c64eb8f06d2cd4d8f66e27d0e277d2d.tar.gz syncthing-439c6c5b7c64eb8f06d2cd4d8f66e27d0e277d2d.zip | |
lib/api: Add cache busting for basic auth (ref #9208) (#9215)v1.27.0-rc.1
This adds our short device ID to the basic auth realm. This has at least
two consequences:
- It is different from what's presented by another device on the same
address (e.g., if I use SSH forwards to different dives on the same
local address), preventing credentials for one from being sent to
another.
- It is different from what we did previously, meaning we avoid cached
credentials from old versions interfering with the new login flow.
I don't *think* there should be things that depend on our precise realm
string, so this shouldn't break any existing setups...
Sneakily this also changes the session cookie and CSRF name, because I
think `id.Short().String()` is nicer than `id.String()[:5]` and the
short ID is two characters longer. That's also not a problem...
Diffstat (limited to 'next-gen-gui')
| -rw-r--r-- | next-gen-gui/src/app/api-utils.ts | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/next-gen-gui/src/app/api-utils.ts b/next-gen-gui/src/app/api-utils.ts index 50d0a874d..13d4137c7 100644 --- a/next-gen-gui/src/app/api-utils.ts +++ b/next-gen-gui/src/app/api-utils.ts @@ -1,8 +1,7 @@ import { environment } from '../environments/environment' export const deviceID = (): String => { - const dID: String = environment.production ? globalThis.metadata['deviceID'] : '12345'; - return dID.substring(0, 5) + return environment.production ? globalThis.metadata['deviceIDShort'] : '1234567'; } export const apiURL: String = '/' |