Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21976

The PDF export calls the REST API to get the headless Chrome IP address even when cookie filtering is not required

    XMLWordPrintable

Details

    • Unit
    • High
    • Medium
    • N/A
    • N/A

    Description

      XWiki authentication cookies are by default IP-bound, meaning they are encoded using the IP of the browser that the user has used to authenticate. In order to authenticate the user when requesting the print preview page with the headless Chrome we need to decode the XWiki authentication cookies using the original user browser IP and re-encode them using the headless Chrome IP. But for this we need to find the headless Chrome IP address. We do this using the REST API. All this is useless when the XWiki authentication cookies are missing, e.g. because a custom authenticator is used, so we shouldn't call the REST API in this case.

      Attachments

        Activity

          People

            mflorea Marius Dumitru Florea
            mflorea Marius Dumitru Florea
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: