Bug #7014
closedPrivate downloads don't work when logged in via ORCID/auth token
0%
Description
When logged in using the `arctic` theme on dev.nceas.ucsb.edu (i.e. via ORCID), the EML download link to the private metadata document that I created fails to download. We get:
<?xml version="1.0" encoding="UTF-8"?><error detailCode="1400" errorCode="401" name="NotAuthorized">
<description>READ not allowed on arctic-data.11256.1</description>
</error>
An example is:
https://dev.nceas.ucsb.edu/#view/arctic-data.11256.1
The download button links directly to the /object REST endpoint:
https://dev.nceas.ucsb.edu/knb/d1/mn/v2/object/arctic-data.11256.1
My guess is that the `Authorization` header isn't getting set in this direct call, so with no auth token, it's seen as a public download.
Updated by ben leinfelder over 8 years ago
That's an interesting issue - how to provide hyperlinks but include headers?
Updated by Lauren Walker over 8 years ago
- Status changed from New to In Progress
There is no way to include headers in an HTML link. What the UI can do is download the object via an XMLHttpRequest if it is not public.
Updated by ben leinfelder over 8 years ago
Yep, that's what I figured. Does that just happen in a new tab or something?
Updated by Lauren Walker over 8 years ago
- Status changed from In Progress to Resolved