Michael Mayer
2912ac9464
Security: Refactor cache headers, auth token validation & UI #782 #808
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-17 14:16:02 +01:00
Michael Mayer
3946e2a16f
API: Refactor "404 Not Found" response handler #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:56:43 +01:00
Michael Mayer
c3b9b73d1d
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:17:16 +01:00
Michael Mayer
02a1b12edb
Config: Update CORS header defaults and add /api/v1/echo endpoint #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 14:36:08 +01:00
Michael Mayer
fed1d8ad95
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 18:28:17 +01:00
Michael Mayer
f8e0615cc8
Auth: Ensure backwards compatibility for existing API clients #808 #3943
...
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-07 12:25:56 +01:00
Michael Mayer
0d2f8be522
Auth: Use hashed auth tokens for enhanced security #3943 #808 #782
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-06 17:35:19 +01:00
Michael Mayer
8df444dfd7
Auth: Refactor session API #98
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-10 12:15:10 +01:00