Allow Token/Basic auth on raw paths (#15987)

It appears that people have been using token authentication to navigate to raw paths and recent changes have broken this. Whilst ideally these paths would not be being used like this - it was not the intention to be a breaking change. This PR restores access to these paths. Fix #13772 Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-07-22 02:08:36 +00:00 · 2021-05-27 19:46:11 +01:00
parent b27a9d43a5
commit 6d6a65cf5c
4 changed files with 15 additions and 11 deletions
--- a/modules/auth/sso/reverseproxy.go
+++ b/modules/auth/sso/reverseproxy.go
@@ -78,7 +78,7 @@ func (r *ReverseProxy) VerifyAuthData(req *http.Request, w http.ResponseWriter,
 	}

 	// Make sure requests to API paths, attachment downloads, git and LFS do not create a new session
-	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitOrLFSPath(req) {
+	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawOrLFSPath(req) {
 		if sess.Get("uid").(int64) != user.ID {
 			handleSignIn(w, req, sess, user)
 		}