Skip to content

fix: OpenAPI authentication#4110

Merged
shaohuzhang1 merged 1 commit intov2from
pr@v2@fix_openapi
Sep 25, 2025
Merged

fix: OpenAPI authentication#4110
shaohuzhang1 merged 1 commit intov2from
pr@v2@fix_openapi

Conversation

@shaohuzhang1
Copy link
Copy Markdown
Contributor

@shaohuzhang1 shaohuzhang1 commented Sep 25, 2025

fix: OpenAPI authentication

@f2c-ci-robot
Copy link
Copy Markdown

f2c-ci-robot bot commented Sep 25, 2025

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@f2c-ci-robot
Copy link
Copy Markdown

f2c-ci-robot bot commented Sep 25, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

shaohuzhang1
shaohuzhang1 commented Sep 25, 2025
View reviewed changes
Comment thread apps/common/middleware/doc_headers_middleware.py
CONFIG.get_chat_path() + '/api-doc/'):
auth = request.COOKIES.get('Authorization')
if auth is None:
return HttpResponse(content)
Copy link
Copy Markdown
Contributor Author

@shaohuzhang1 shaohuzhang1 Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The provided code snippet has a logical error in that it does not check for authentication when the path starts with /doc-chat/. This can lead to unauthorized access for this route. Additionally, the function CONFIG.get_admin_path() and CONFIG.get_chat_path() should ideally be called within the scope of where they are defined or imported.

To correct these issues:

  1. Add an additional condition to check for the presence of authentication on paths starting with '/doc_chat/'.
if request.path.startswith(CONFIG.get_admin_path() + '/api-doc/') or \
   request.path.startswith(CONFIG.get_chat_path() + '/api-doc/') or \
   (request.path.startswith('/doc_chat/') and auth is None):
  1. Ensure that CONFIG is properly initialized before being used in process_response.
  2. Consider adding logging statements to help debug potential issues.

@shaohuzhang1 shaohuzhang1 merged commit 801891d into v2 Sep 25, 2025
4 of 6 checks passed
@shaohuzhang1 shaohuzhang1 deleted the pr@v2@fix_openapi branch September 25, 2025 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/release-note-label-needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shaohuzhang1