From d5d9fbb8aa5e86f2b866e25f58bf36a7a989478d Mon Sep 17 00:00:00 2001
From: jerebear12 <72420925+jerebear12@users.noreply.github.com>
Date: Mon, 4 Dec 2023 14:02:45 -0600
Subject: [PATCH] Add a way to use a JWT in an HTTP only cookie

If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie.
---
 weed/security/jwt.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/weed/security/jwt.go b/weed/security/jwt.go
index 446c3c21d..d859e9ea8 100644
--- a/weed/security/jwt.go
+++ b/weed/security/jwt.go
@@ -83,6 +83,14 @@ func GetJwt(r *http.Request) EncodedJwt {
 		}
 	}
 
+	// Get token from http only cookie
+	if tokenStr == "" {
+		token, err := r.Cookie("AT")
+		if err == nil {
+			tokenStr = token.Value
+		}
+	}
+
 	return EncodedJwt(tokenStr)
 }