From 4fa190944d11f63d450437274cdac7ad2e2454ec Mon Sep 17 00:00:00 2001
From: Pavel Goran
Date: Wed, 16 Jul 2025 01:11:39 +0700
Subject: [PATCH] Support Basic Authentication for archive downloads

Resolves #35083
---
 services/auth/basic.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/auth/basic.go b/services/auth/basic.go
index b2bd14ef5d3bc..6d147deeb1388 100644
--- services/auth/basic.go
+++ services/auth/basic.go
@@ -46,10 +46,10 @@ func (b *Basic) Name() string {
 // name/token on successful validation.
 // Returns nil if header is empty or validation fails.
 func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
- // Basic authentication should only fire on API, Feed, Download or on Git or LFSPaths
+ // Basic authentication should only fire on API, Feed, Download, Archives or on Git or LFSPaths
 // Not all feed (rss/atom) clients feature the ability to add cookies or headers, so we need to allow basic auth for feeds
 detector := newAuthPathDetector(req)
- if !detector.isAPIPath() && !detector.isFeedRequest(req) && !detector.isContainerPath() && !detector.isAttachmentDownload() && !detector.isGitRawOrAttachOrLFSPath() {
+ if !detector.isAPIPath() && !detector.isFeedRequest(req) && !detector.isContainerPath() && !detector.isAttachmentDownload() && !detector.isArchivePath() && !detector.isGitRawOrAttachOrLFSPath() {
 return nil, nil
 }
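Review bot: No test covers the new `!detector.isArchivePath()` term in `Verify`, although it widens the set of routes on which credentials from the `Authorization` header are accepted; the diffstat shows only this file changed. A test should assert that an archive download URL passes this gate and that a neighbouring web UI URL still takes the `return nil, nil` branch. `isArchivePath` is defined outside this hunk, so it is worth confirming that its pattern is anchored to the repository archive route and cannot match other web routes, which would then also accept Basic auth. The comment above the condition also leaves out the container paths that the condition allows; something like `// Basic authentication should only fire on API, Feed, Container, attachment download, archive, or Git/raw/LFS paths` would match the code. Verify's body continues outside the hunk.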