label-studio
fix: Allow token-based authentication for local-files
PR fulfills these requirements
- [x] Commit message(s) and PR title follows the format
[fix|feat|ci|chore|doc]: TICKET-ID: Short description of change made
ex. fix: DEV-XXXX: Removed inconsistent code usage causing intermittent errors
- [ ] Tests for the changes have been added/updated (for bug fixes/features)
- [ ] Docs have been added/updated (for bug fixes/features)
- [ ] Best efforts were made to ensure docs/code are concise and coherent (checked for spelling/grammatical errors, commented out code, debug logs etc.)
- [x] Self-reviewed and ran all changes on a local instance (for bug fixes/features)
Change has impacts in these area(s)
(check all that apply)
- [ ] Product design
- [ ] Backend (Database)
- [x] Backend (API)
- [ ] Frontend
Describe the reason for change
As noted in issue #4095 and #2320, a “403 Forbidden” response is received upon a GET request for an image synched with the local-files cloud storage, even with an access token. This behavior differs from data upload directly through the interface.
What does this fix?
This change fixes the issue described, allowing for token-based authentication for images in the local-files cloud storage using the “api_view” decorator, limited to only GET based requests.
Does this change affect security?
Hopefully, this change doesn't affect Label Studio's security any more than allowing the GET requests described authenticated through tokens. However, I'm not very familiar with Django and the REST API, so I'm not 100% sure there are no side effects.
Does this PR introduce a breaking change?
(check only one)
- [ ] Yes, and covered entirely by feature flag(s)
- [ ] Yes, and covered partially by feature flag(s)
- [x] No
- [ ] Not sure (briefly explain the situation below)
What level of testing was included in the change?
(check all that apply)
- [ ] e2e
- [ ] integration
- [ ] unit
Which logical domain(s) does this change affect?
This change should only affect the security domain, hopefully with no side-effects.
Deploy request for label-studio-docs-new-theme pending review.
Visit the deploys page to approve it
Name | Link |
---|---|
Latest commit | ee05d93856637cbd7673c723af29d6f3dafdcf0c |
Deploy request for heartex-docs pending review.
Visit the deploys page to approve it
Name | Link |
---|---|
Latest commit | ee05d93856637cbd7673c723af29d6f3dafdcf0c |
+1 to see this merged.
+1 to see this merged.
+1 to see this merged.
+1 to see this merged
+1
Approve please
https://github.com/HumanSignal/label-studio/pull/4698/files/ee05d93856637cbd7673c723af29d6f3dafdcf0c
This is working
+1 to see this merged