aboutsummaryrefslogtreecommitdiff
path: root/lib/api/api.go
diff options
context:
space:
mode:
Diffstat (limited to 'lib/api/api.go')
-rw-r--r--lib/api/api.go7
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/api/api.go b/lib/api/api.go
index 1f2fd3a55..065b634d4 100644
--- a/lib/api/api.go
+++ b/lib/api/api.go
@@ -365,15 +365,15 @@ func (s *service) Serve(ctx context.Context) error {
// Wrap everything in CSRF protection. The /rest prefix should be
// protected, other requests will grant cookies.
- var handler http.Handler = newCsrfManager(s.id.String()[:5], "/rest", guiCfg, mux, locations.Get(locations.CsrfTokens))
+ var handler http.Handler = newCsrfManager(s.id.Short().String(), "/rest", guiCfg, mux, locations.Get(locations.CsrfTokens))
// Add our version and ID as a header to responses
handler = withDetailsMiddleware(s.id, handler)
// Wrap everything in basic auth, if user/password is set.
if guiCfg.IsAuthEnabled() {
- sessionCookieName := "sessionid-" + s.id.String()[:5]
- handler = basicAuthAndSessionMiddleware(sessionCookieName, guiCfg, s.cfg.LDAP(), handler, s.evLogger)
+ sessionCookieName := "sessionid-" + s.id.Short().String()
+ handler = basicAuthAndSessionMiddleware(sessionCookieName, s.id.Short().String(), guiCfg, s.cfg.LDAP(), handler, s.evLogger)
handlePasswordAuth := passwordAuthHandler(sessionCookieName, guiCfg, s.cfg.LDAP(), s.evLogger)
restMux.Handler(http.MethodPost, "/rest/noauth/auth/password", handlePasswordAuth)
@@ -719,6 +719,7 @@ func (*service) getSystemPaths(w http.ResponseWriter, _ *http.Request) {
func (s *service) getJSMetadata(w http.ResponseWriter, _ *http.Request) {
meta, _ := json.Marshal(map[string]interface{}{
"deviceID": s.id.String(),
+ "deviceIDShort": s.id.Short().String(),
"authenticated": true,
})
w.Header().Set("Content-Type", "application/javascript")
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion