Allow authentication by HTTP header

Previously, authentication could only be done using a URL parameter, which appears in various logs. Now, clients can authenticate using a more appropriate HTTP header.

Allow authentication by HTTP header
Previously, authentication could only be done using a URL parameter, which appears in various logs. Now, clients can authenticate using a more appropriate HTTP header.
cf39aabd · Greg Price · d97009d1 · cf39aabd
Commit cf39aabd authored Oct 11, 2013 by Greg Price
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletions

app.rb
+2 -1

No files found.
--- a/app.rb
+++ b/app.rb
@@ -61,7 +61,8 @@ DEFAULT_PER_PAGE = 20

 if RACK_ENV.to_s != "test" # disable api_key auth in test environment
  before do
-    error 401 unless params[:api_key] == CommentService.config[:api_key]
+    api_key = CommentService.config[:api_key]
+    error 401 unless params[:api_key] == api_key or env["HTTP_X_EDX_API_KEY"] == api_key
  end
 end