Restrict bearer token authentication to JSON requests
Bearer tokens are for API/SDK/CLI access — they should only authenticate JSON requests.
This commit is contained in:
@@ -56,7 +56,7 @@ module Authentication
|
||||
end
|
||||
|
||||
def authenticate_by_bearer_token
|
||||
if request.authorization.to_s.include?("Bearer")
|
||||
if request.authorization.to_s.include?("Bearer") && request.format.json?
|
||||
authenticate_or_request_with_http_token do |token|
|
||||
if identity = Identity.find_by_permissable_access_token(token, method: request.method)
|
||||
Current.identity = identity
|
||||
|
||||
Reference in New Issue
Block a user