* return 401 instead of 403, provide www-authenticate header, redirect to the login page, add cookie token support
* set cookies completely through js in auth page
* initial pass: roll out bluemonday sanitization more widely
Signed-off-by: Dave Lee <dave@gray101.com>
* add one additional sanitize - the overall modelslist used by the docs site
Signed-off-by: Dave Lee <dave@gray101.com>
---------
Signed-off-by: Dave Lee <dave@gray101.com>
* add api key to existing app tests, add preliminary auth test
Signed-off-by: Dave Lee <dave@gray101.com>
* small fix, run test
Signed-off-by: Dave Lee <dave@gray101.com>
* status on non-opaque
Signed-off-by: Dave Lee <dave@gray101.com>
* tweak auth error
Signed-off-by: Dave Lee <dave@gray101.com>
* exp
Signed-off-by: Dave Lee <dave@gray101.com>
* quick fix on real laptop
Signed-off-by: Dave Lee <dave@gray101.com>
* add downloader version that allows providing an auth header
Signed-off-by: Dave Lee <dave@gray101.com>
* stash some devcontainer fixes during testing
Signed-off-by: Dave Lee <dave@gray101.com>
* s2
Signed-off-by: Dave Lee <dave@gray101.com>
* s
Signed-off-by: Dave Lee <dave@gray101.com>
* done with experiment
Signed-off-by: Dave Lee <dave@gray101.com>
* done with experiment
Signed-off-by: Dave Lee <dave@gray101.com>
* after merge fix
Signed-off-by: Dave Lee <dave@gray101.com>
* rename and fix
Signed-off-by: Dave Lee <dave@gray101.com>
---------
Signed-off-by: Dave Lee <dave@gray101.com>
Co-authored-by: Ettore Di Giacinto <mudler@users.noreply.github.com>
