summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/api_controller.rb12
1 files changed, 11 insertions, 1 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 70b3cac..d5bec70 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -5,8 +5,18 @@ class ApiController < ApplicationController
protected
+ #
+ # For now, we are going to allow cookie authentication if there is
+ # no "Authorization" header in the request. This is to keep backward
+ # compatibility with older clients. In the future, this should be
+ # disabled.
+ #
def require_login
- require_token
+ if ActionController::HttpAuthentication::Token.token_and_options(request)
+ require_token
+ else
+ super
+ end
end
def anonymous_access_allowed?