summaryrefslogtreecommitdiff
path: root/webapps/scripting
diff options
context:
space:
mode:
Diffstat (limited to 'webapps/scripting')
-rw-r--r--webapps/scripting/common.js28
-rw-r--r--webapps/scripting/preauth.esp31
2 files changed, 31 insertions, 28 deletions
diff --git a/webapps/scripting/common.js b/webapps/scripting/common.js
index fe25287a74..c111089bd8 100644
--- a/webapps/scripting/common.js
+++ b/webapps/scripting/common.js
@@ -69,34 +69,6 @@ function page_footer() {
/*
- check if a uri is one of the 'always allowed' pages, even when not logged in
- This allows the login page to use the same style sheets and images
-*/
-function always_allowed(uri) {
- var str = string_init();
-
- /* allow jsonrpc-based applications to do their own authentication */
- var s = str.split('/', uri);
- if (s[0] == "" && s[1] == 'apps') {
- return true;
- }
-
- var s = str.split('.', uri);
- if (s.length < 2) {
- return false;
- }
-
- var ext = s[s.length-1];
- var allowed = new Array("ico", "gif", "png","css", "js");
- for (i in allowed) {
- if (allowed[i] == ext) {
- return true;
- }
- }
- return false;
-}
-
-/*
display a table element
*/
function table_element(i, o) {
diff --git a/webapps/scripting/preauth.esp b/webapps/scripting/preauth.esp
index 489f6b5004..e6d04faf8d 100644
--- a/webapps/scripting/preauth.esp
+++ b/webapps/scripting/preauth.esp
@@ -5,6 +5,36 @@ include("/scripting/common.js");
output at all then that output is returned and the requested page
is not given or processed.
*/
+
+/*
+ check if a uri is one of the 'always allowed' pages, even when not logged in
+ This allows the login page to use the same style sheets and images
+*/
+function always_allowed(uri) {
+ var str = string_init();
+
+ /* allow jsonrpc-based applications to do their own authentication */
+ var s = str.split('/', uri);
+ if (s[0] == "" && s[1] == 'index.html') {
+ return true;
+ }
+
+ var s = str.split('.', uri);
+ if (s.length < 2) {
+ return false;
+ }
+
+ var ext = s[s.length-1];
+ var allowed = new Array("ico", "gif", "png","css", "js");
+ for (i in allowed) {
+ if (allowed[i] == ext) {
+ return true;
+ }
+ }
+ return false;
+}
+
+
if (server['SERVER_PROTOCOL'] == "http" &&
server['TLS_SUPPORT'] == "True") {
write("redirect to https");
@@ -14,4 +44,5 @@ if (server['SERVER_PROTOCOL'] == "http" &&
/* present the login page */
include("/login.esp");
}
+
%>