crates.io icon indicating copy to clipboard operation
crates.io copied to clipboard

Published 20 hours ago verified publisher icon rust-lang

Limit some actions to only authenticate via token

Open carols10cents opened this issue 6 years ago • 3 comments

Currently, all authentication for all routes happens either via a cookie through the browser or via an authentication header from cargo that uses a token. However, actions like publishing a crate and possibly others should only ever happen through cargo-- so it seems like a good idea to me to only authenticate for those actions via an auth header containing a token.

This is probably pretty low priority though.

carols10cents avatar Oct 19 '18 22:10 carols10cents

#1488 fixes this

sgrif avatar Oct 20 '18 11:10 sgrif

oh hey cool

carols10cents avatar Oct 21 '18 00:10 carols10cents

FYI #1488 was closed without implementing this.

markcatley avatar May 02 '19 03:05 markcatley