From dc952c063206d11504085ddea966f121e796a04c Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski <pawel.boguslawski@ib.pl>
Date: Thu, 18 Mar 2021 15:37:22 +0100
Subject: [PATCH] API calls authorized with HTTP header

This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.

Author-Change-Id: IB#1107572
---
 routers/api/v1/api.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 9c21107a28..4c8426cbeb 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {
 			return
 		}
 		if ctx.IsSigned {
+			// Don't require token if already authenticated by reverse proxy.
+			if setting.Service.EnableReverseProxyAuth {
+				return
+			}
 			ctx.RequireCSRF()
 			return
 		}