Add a way to use a JWT in an HTTP only cookie

If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie.
2024-05-03 10:00:03 +02:00 · 2023-12-04 14:02:45 -06:00 · 2023-12-04 14:02:45 -06:00 · d5d9fbb8aa
parent 4aeca48b6d
commit d5d9fbb8aa
1 changed files with 8 additions and 0 deletions
--- a/weed/security/jwt.go
+++ b/weed/security/jwt.go
@ -83,6 +83,14 @@ func GetJwt(r *http.Request) EncodedJwt {
 		}
 	}

+	// Get token from http only cookie
+	if tokenStr == "" {
+		token, err := r.Cookie("AT")
+		if err == nil {
+			tokenStr = token.Value
+		}
+	}
+
 	return EncodedJwt(tokenStr)
 }