mirror of
https://github.com/brunopostle/ifcurl.git
synced 2026-07-12 02:08:13 +00:00
The select-documents picker queried the Forgejo API with only the browser's session cookie (credentials: 'include'), so an OpenCDE client that authenticated via OAuth2 saw only public repositories. Thread the access token presented on the select-documents request through to the picker UI (query param) and have its JS send it as Authorization: Bearer on every Forgejo API call, falling back to cookie auth when no token is supplied. Add a no-referrer policy so the token in the page URL does not leak via Referer on API fetches or the callback redirect. Closes ifcurl-i5c. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| conftest.py | ||
| test_auth.py | ||
| test_bcf.py | ||
| test_bcf_api.py | ||
| test_checkout.py | ||
| test_diff.py | ||
| test_discover.py | ||
| test_documents_api.py | ||
| test_documents_api_picker.py | ||
| test_foundation_api.py | ||
| test_git.py | ||
| test_render.py | ||
| test_sandbox.py | ||
| test_service.py | ||
| test_url.py | ||
| test_viewer_url.mjs | ||