1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/8e5b9caba8ff/ Changeset: 8e5b9caba8ff User: carlfeberhard Date: 2015-02-02 20:37:34+00:00 Summary: Core: error with 403 if user is not logged in *and* there is no session (gen. api call with no api key) Affected #: 1 file diff -r e56a78608c79097a6227f8c06cba8a45580a2a7d -r 8e5b9caba8ff493c25684ebdb6f69b819c34dca6 lib/galaxy/web/framework/decorators.py --- a/lib/galaxy/web/framework/decorators.py +++ b/lib/galaxy/web/framework/decorators.py @@ -206,7 +206,10 @@ # TODO: Document this branch, when can this happen, # I don't understand it. return __api_error_response( trans, err_msg=trans.error_message ) - if user_required and trans.anonymous: + # error if user required and anon + # error if anon and no session + if ( ( trans.anonymous and user_required ) + or ( trans.anonymous and not trans.galaxy_session ) ): error_code = error_codes.USER_NO_API_KEY # Use error codes default error message. err_msg = "API authentication required for this request" @@ -219,8 +222,10 @@ return __api_error_response( trans, status_code=400, err_code=error_code ) trans.response.set_content_type( JSON_CONTENT_TYPE ) + # send 'do not cache' headers to handle IE's caching of ajax get responses trans.response.headers[ 'Cache-Control' ] = "max-age=0,no-cache,no-store" + # TODO: Refactor next block out into a helper procedure. # Perform api_run_as processing, possibly changing identity if 'payload' in kwargs and 'run_as' in kwargs['payload']: Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.