Michael Mayer
2df0b6e4b1
Server: Exclude .mp4 and .zip from compression and refactor vary #4018
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-20 12:48:42 +01:00
Michael Mayer
a4e2bb33b9
2FA: Rename "Auth Secret" to "App Password" for more clarity #782 #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-19 18:10:01 +01:00
Michael Mayer
2912ac9464
Security: Refactor cache headers, auth token validation & UI #782 #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-17 14:16:02 +01:00
Michael Mayer
127b30dd31
Config: Allow CORS for additional file types when using a CDN #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 21:25:29 +01:00
Michael Mayer
3946e2a16f
API: Refactor "404 Not Found" response handler #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:56:43 +01:00
Michael Mayer
abfea6354c
Config: Allow CORS for fonts and CSS when using a CDN #3931
see https://www.w3.org/TR/css-fonts-3/#font-fetching-requirements
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:04:36 +01:00
Michael Mayer
da10b30fdf
API: Add auth token to vary header for caching proxies and CDNs #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:42:21 +01:00
Michael Mayer
c3b9b73d1d
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:17:16 +01:00
Michael Mayer
02a1b12edb
Config: Update CORS header defaults and add /api/v1/echo endpoint #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 14:36:08 +01:00
Michael Mayer
239708f00f
Config: Add options to configure CORS origin, headers and methods #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 12:14:06 +01:00
Michael Mayer
c5f6a28448
Config: Add PHOTOPRISM_HTTP_CORS option for CDN users #3931 #3940
In addition, the Access-Control-Allow-Origin header is set to the same
URL if an Origin header is found in the request (experimental).
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-15 13:06:27 +01:00
Michael Mayer
fed1d8ad95
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 18:28:17 +01:00
Michael Mayer
9586a9ec69
Auth: Refactor API to allow auth secrets to be used as tokens #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 12:01:26 +01:00
Michael Mayer
7a05c5553b
OAuth2: Add "POST /api/v1/oauth/revoke" API endpoint #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 12:21:43 +01:00
Michael Mayer
3e924b70c7
API: Move handling of HTTP auth headers to pkg/header #808 #3943 #3959
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-09 10:58:47 +01:00
Michael Mayer
f8e0615cc8
Auth: Ensure backwards compatibility for existing API clients #808 #3943
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-07 12:25:56 +01:00