Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow api-session-auth feature flag to be set #279

Open
pdurbin opened this issue May 11, 2023 · 1 comment · May be fixed by #291
Open

allow api-session-auth feature flag to be set #279

pdurbin opened this issue May 11, 2023 · 1 comment · May be fixed by #291
Assignees

Comments

@pdurbin
Copy link
Member

pdurbin commented May 11, 2023

There's a new feature flag called api-session-auth that I'd like to set to "true" or "1" so that the SPA can log in to the backend: http://preview.guides.gdcc.io/en/develop/installation/config.html#feature-flags

It should definitely be unset or explicitly off by default, because it's a potential security risk. (This is just for demos until we have bearer token support for the backend and the frontend.)

Please let me know if we can add this. Thanks! ❤️

@donsizemore
Copy link
Member

@pdurbin would also like api-bearer-auth to be available. renaming the branch to 279_feature_flags and adding these two. per a conversation with Phil I'll keep these as simple JVM options for now, once there are more and the configuration solidifies I'll convert the calls to whatever the preferred way is at that time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants