mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-22 10:58:57 +00:00
439c6c5b7c
This adds our short device ID to the basic auth realm. This has at least two consequences: - It is different from what's presented by another device on the same address (e.g., if I use SSH forwards to different dives on the same local address), preventing credentials for one from being sent to another. - It is different from what we did previously, meaning we avoid cached credentials from old versions interfering with the new login flow. I don't *think* there should be things that depend on our precise realm string, so this shouldn't break any existing setups... Sneakily this also changes the session cookie and CSRF name, because I think `id.Short().String()` is nicer than `id.String()[:5]` and the short ID is two characters longer. That's also not a problem... |
||
---|---|---|
.. | ||
auto | ||
testdata | ||
.gitignore | ||
api_auth_test.go | ||
api_auth.go | ||
api_csrf.go | ||
api_statics.go | ||
api_test.go | ||
api.go | ||
confighandler.go | ||
debug.go | ||
mocked_config_test.go | ||
support_bundle.go |