Skip to content

Commit 6dae911

Browse files
fix: api key security risk (#1712)
add tenant id to the header when sent in the request otherwise server treats this as default tenant
1 parent d9204c2 commit 6dae911

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

src/handlers/http/middleware.rs

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -186,6 +186,10 @@ where
186186
permissions,
187187
&user.tenant,
188188
);
189+
req.headers_mut().insert(
190+
HeaderName::from_static(TENANT_ID),
191+
HeaderValue::from_str(tenant).unwrap(),
192+
);
189193
req.extensions_mut().insert(session_key);
190194
Some(session_id)
191195
}

0 commit comments

Comments
 (0)