History | View | Annotate | Download (4.5 kB)
Forbid destructive actions from the helpdesk GUI
Mark requests with impersonated users as readonly and check access on all API method invocations
Take care of various auth corner cases
Allow requests with X-Auth-Tmp-Token set but not under /helpdesk toproceed-Do not allow requests from non-valid users to proceed (in the face ofthe recent Dropbox exploit :))
Really process URL exclusions
Better cookie expiration handling
Impersonation works as expected
-Remove superflous check from middleware-Make iframe cover full screen in firefox-Filter our helpdesk users from users list
Add helpdesk user group
Helpdesk users are registered statically using the HELPDESK user type.The middleware will only allow impersonation requests from helpdeskusers.
Only allow specific IP addresses to connect to the helpdesk app
Fix tmp auth header creation
Middleware for dealing with impersonation requests