上传文件忽略了验证登录 #70
Labels
Comments
|
我也发现这个问题,上传并发布不需要 token (/api/upload_and_publish) tarscloud/framework:v2.4.7 |
|
bug fix! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
源码中把上传包的api 做了登录忽略,这是为什么? 文档中有地方写到用curl 上传包的时候需要在system 平台获取一个token, 这不是多此一举了吗?
下面是源码中的一段代码:
//上传文件不需要登录
if(WebConf.webConf.uploadLogin || process.env.TARS_WEB_UPLOAD == 'true') {
loginConf.ignore.push('/pages/server/api/upload_patch_package');
loginConf.ignore.push('/api/upload_patch_package');
loginConf.ignore.push('/pages/server/api/upload_and_publish');
loginConf.ignore.push('/api/upload_and_publish');
}
另外还有一个奇怪的地方就是, curl 命令上传包成功,但返回的信息包含了一个 "Method NOT Allowed" !!!
tar cvfz boxserver.tgz ...
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4998
< X-RateLimit-Reset: 1595390400
< X-DNS-Prefetch-Control: off
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=15552000; includeSubDomains
< X-Download-Options: noopen
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Type: text/plain; charset=utf-8
< Content-Length: 285
< Surrogate-Control: no-store
< Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
< Pragma: no-cache
< Expires: 0
< Set-Cookie: dcache=true; path=/
< Date: Wed, 22 Jul 2020 03:59:50 GMT
< Connection: keep-alive
<
Method Not Allowed
patch serverId: 108, node_name: 172.25.0.5
task no: [33fd1e8440ba4d5bb19213ab44432e2b]
172.25.0.5 EM_I_SUCCESS startServer [quwanyun.boxserver] from 172.25.0.3 :server is activating, please check:
The text was updated successfully, but these errors were encountered: