View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0025362||mantisbt||api rest||public||2019-01-21 03:09||2019-08-25 12:36|
|Target Version||2.22.0||Fixed in Version||2.22.0|
|Summary||0025362: REST API support for multiple authorization headers|
In my company we use Mantis along with other applications. Our testing infrastructure is behind a ngning proxy with Basic Authentication.
I recently tried to use the Rest API in Mantis. While it works well on our production server, I get rejected with an unauthorized error on the testing instance.
After some digging in the code, it looks like the fact that Mantis relies on the "Authorization" header key is a problem. It conflicts with basic authentification which relies on this key as well. The same header key can't be used twice.
As a temporary workaround, I patched
I would suggest the following changes in the code :
If it sounds good I can provide a PR.
|Steps To Reproduce|
If you run apache, I think this can easily be reproduced using apache and an .htaccess file.
|Tags||No tags attached.|
I'm leaning towards handling multiple authorization headers with same name if that works for @pgiraud
PRs are welcome.