Custom Query (2152 matches)
Results (1567 - 1569 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#992 | fixed | Use X-forwarded-for whenever it is available to set remote IP address | rgrp | rgrp |
Description |
At the moment we only use X-forwarded to determine remote user address when remote-addr header is 127.0.0.1. However if a site is behind a cache remote_addr will always be the IP of the cache. We should fix this by using x-forwarded-for header whenever available and only use remote-addr when it is not available. Cost: 10m |
|||
#1000 | fixed | Remove call timings code | kindly | rgrp |
Description |
Not used and extra overhead. Very useful to strip this out and low cost. Places where it seems to be:
|
|||
#1001 | fixed | API should use normal user credentials if available | rgrp | rgrp |
Description |
When using the API 'locally' i.e. from the CKAN instance (as would be the case with an ajax interface) the API, especially that allowing READ requests should use the normal user credentials if they are available prior to looking for an API key. The key change appears to be to change _get_user_for_apikey method in lib/base.py BaseController? to check the c.user attribute (may wish to rename as the name may now be a bit misleading ...). This is critical to incorporating any ajax editing into the frontend. As part of this ticket we should do a general consolidation of the identification system in lib/base.py so that both api_key and normal user auth lead to the same set of auth-related objects being available (suggest c.user and c.userobj and c.author). |