From: | Célestin Matte <celestin(dot)matte(at)cmatte(dot)me> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | PostgreSQL WWW <pgsql-www(at)lists(dot)postgresql(dot)org> |
Subject: | Re: [PATCH] pgarchives: Always load auth, even when using PUBLIC_ARCHIVES=True |
Date: | 2023-04-14 12:37:00 |
Message-ID: | 846c9d77-bfff-19e3-9622-eaad5f9bf7b0@cmatte.me |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
Like this? (attached)
On 11/04/2023 11:13, Magnus Hagander wrote:
> On Sat, Apr 1, 2023 at 11:38 PM Célestin Matte <celestin(dot)matte(at)cmatte(dot)me> wrote:
>>
>> There's an issue in pgarchives with auth when using PUBLIC_ARCHIVES=True.
>> Even in public archives mode, auth is necessary as an antispam feature for downloading mbox, raw messages etc.
>> However, in public archives mode, auth is not loaded, except when setting ALLOW_RESEND=True. But that variable has a different purpose and the semantics is unclear.
>> Several solutions exist:
>> - adding a variable in settings to allow auth for these purposes
>> - always loading auth. This is the solution I used in attached patch.
>
>
> Ouch. That is definitely a think-o when I changed it to use this type
> of auth for antispam. Oops.
>
> I think at this point it would be more clear to just merge the changes
> up to where they are originally instead of adding them later, that is
> include things in MIDDLEWARE already in the static array.
>
> It might be, for cleanliness perspective and possible future
> expansion, good to keep the PGAUTH specific parts under an "if PGAUTH"
> or something like that, and then just hardcode that one to True for
> now. But things like session and authentication middleware are going
> to be needed regardless of which authentication method i sused.
>
--
Célestin Matte
Attachment | Content-Type | Size |
---|---|---|
0001-Always-load-auth-even-when-using-PUBLIC_ARCHIVES-Tru.patch | text/x-patch | 3.2 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Luzanov | 2023-04-15 05:39:45 | Wiki editor request |
Previous Message | Jonathan S. Katz | 2023-04-13 18:22:13 | Re: CSS/JS 404 issues with documentation on postgresql.org |