Closed fozcode closed 5 years ago
qururoland
commented
5 years ago All seems god but would it not be sensible to return a 401 status if the authentication failed rather than a 200 with an error message. This would make checking for success easier.
Should this be tested with an ajax call as well as with an iframe? This might work differently with session cookies - perhaps ajax calls would not set the cookie?
fozcode
commented
5 years ago OK proper status codes are now implemented.
As discussed ajax/xhr calls only allow cookies with specific CORS headers (not compatible with our current default CORS headers) and even then are still subject to "3rd party cookie" rules so I believe Safari will still reject them by default.
Do you have any other feedback?
Adds a new API and documentation for how to log in to QIS from a 3rd party application so that images in a private folder can be viewed in the browser.