summaryrefslogtreecommitdiffstats
path: root/Bugzilla/WebService
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/WebService')
-rw-r--r--Bugzilla/WebService/Server/REST.pm23
1 files changed, 0 insertions, 23 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index b3d35595f..940045b26 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -167,29 +167,6 @@ sub response {
sub handle_login {
my $self = shift;
-
- # If we're being called using GET, we don't allow cookie-based or Env
- # login, because GET requests can be done cross-domain, and we don't
- # want private data showing up on another site unless the user
- # explicitly gives that site their username and password. (This is
- # particularly important for JSONP, which would allow a remote site
- # to use private data without the user's knowledge, unless we had this
- # protection in place.) We do allow this for GET /login as we need to
- # for Bugzilla::Auth::Persist::Cookie to create a login cookie that we
- # can also use for Bugzilla_token support. This is OK as it requires
- # a login and password to be supplied and will fail if they are not
- # valid for the user.
- if (!grep($_ eq $self->request->method, ('POST', 'PUT'))
- && !($self->bz_class_name eq 'Bugzilla::WebService::User'
- && $self->bz_method_name eq 'login'))
- {
- # XXX There's no particularly good way for us to get a parameter
- # to Bugzilla->login at this point, so we pass this information
- # around using request_cache, which is a bit of a hack. The
- # implementation of it is in Bugzilla::Auth::Login::Stack.
- Bugzilla->request_cache->{'auth_no_automatic_login'} = 1;
- }
-
my $class = $self->bz_class_name;
my $method = $self->bz_method_name;
my $full_method = $class . "." . $method;