FIX: Use Authorization header for PDF viewer instead of query parameter token

Leon Bösche
2026-01-11 17:52:08 +01:00
parent 2129d72a1f
commit ef737429d6
2 changed files with 140 additions and 3 deletions


@@ -459,7 +459,8 @@ func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, jwtM
errors.WriteError(w, errors.CodeInternal, "Server error", http.StatusInternalServerError)
return
}
downloadPath := fmt.Sprintf("%s://%s/orgs/%s/files/download?path=%s&token=%s", scheme, host, orgID.String(), url.QueryEscape(file.Path), url.QueryEscape(viewerToken))
// Download URL without token - will use Authorization header instead
downloadPath := fmt.Sprintf("%s://%s/orgs/%s/files/download?path=%s", scheme, host, orgID.String(), url.QueryEscape(file.Path))
// Determine if it's a PDF based on file extension
isPdf := strings.HasSuffix(strings.ToLower(file.Name), ".pdf")
@@ -542,7 +543,8 @@ func userViewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
errors.WriteError(w, errors.CodeInternal, "Server error", http.StatusInternalServerError)
return
}
downloadPath := fmt.Sprintf("%s://%s/user/files/download?path=%s&token=%s", scheme, host, url.QueryEscape(file.Path), url.QueryEscape(viewerToken))
// Download URL without token - will use Authorization header instead
downloadPath := fmt.Sprintf("%s://%s/user/files/download?path=%s", scheme, host, url.QueryEscape(file.Path))
// Determine if it's a PDF based on file extension
isPdf := strings.HasSuffix(strings.ToLower(file.Name), ".pdf")
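Review bot: `downloadPath` is still an absolute URL assembled from `scheme` and `host`, and with this change the viewer is expected to attach the Authorization header to whatever origin that URL names. Where those two values come from is outside the hunk; if they are derived from the request (Host or forwarded headers), a spoofed value would direct the bearer token to a foreign origin, so a same-origin relative path such as `downloadPath := fmt.Sprintf("/orgs/%s/files/download?path=%s", orgID.String(), url.QueryEscape(file.Path))` or a configured base URL is safer. The same applies to the `/user/files/download` line in userViewerHandler. It is also worth confirming that the download handlers no longer accept a `token` query parameter, otherwise previously issued links keep exposing tokens in logs and Referer headers. Both handler bodies start and end outside the visible hunks.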