Archives/gristlabs_grist-core
1
0
Fork 0
mirror of https://github.com/gristlabs/grist-core.git synced 2026-03-02 04:09:24 +00:00
Code Issues Projects Releases Wiki Activity

use boot-key query parameter, tighten url match, put randomness in suggestions

Browse Source
This commit is contained in:
Paul Fitzpatrick
2024-05-23 14:59:58 -04:00
parent 07b80b1110
commit 7383b3f8f6
5 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/common/BaseAPI.ts
View File

@@ -66,9 +66,9 @@ export class BaseAPI {
// This is a fallback mechanism if auth is broken to access the
// admin panel.
// TODO: should this be more selective?
if (typeof window !== 'undefined' && window.location) {
const url = new URL(window.location.href);
const bootKey = url.searchParams.get('boot');
if (typeof window !== 'undefined' && window.location &&
window.location.pathname.endsWith('/admin')) {
const bootKey = new URLSearchParams(window.location.search).get('boot-key')
if (bootKey) {
this._headers['X-Boot-Key'] = bootKey;
}