Send auth token with Solr queries
So that private data shows up in search results
#1 Updated by ben leinfelder almost 6 years ago
I think it's probably fine to send the auth token with query requests, but I'm a little concerned that the browser session isn't providing access to private content. After all, that's how we are able to retrieve an auth token from the portal following authentication as it is. Perhaps something changed with all the proxying that happens through the search server apache config on to the cn solr index. Could we look into this together to make sure we're not adding a band aid to something that needs sutures?
#4 Updated by Lauren Walker almost 6 years ago
- Status changed from New to Resolved
Auth tokens are sent in the request header of almost all requests sent by MetacatUI now. The exceptions are requests sent to third-party services such as Bioportal and ORCID, and Metacat services like the online metadata registry. The app will need to send the initial DataCatalog or Metadata View search twice since it first will send before the token is retrieved, and then again once the token is retrieved and the user model is configured as logged-in.