ZP-1221 Make sure authentication during OPTIONS request is done after

processing all headers and converting charset encodings. Released under the Affero GNU General Public License (AGPL) version 3.

ZP-1221 Make sure authentication during OPTIONS request is done after
processing all headers and converting charset encodings. Released under the Affero GNU General Public License (AGPL) version 3.
df7b6b94 · Sebastian Kummer · 0ee4231e · df7b6b94
Commit df7b6b94 authored May 19, 2017 by Sebastian Kummer
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

index.php src/index.php +5 -5

No files found.
--- a/src/index.php
+++ b/src/index.php
@@ -55,17 +55,17 @@ include_once(ZPUSH_CONFIG);
        if (! Request::HasAuthenticationInfo() || !Request::GetGETUser())
            throw new AuthenticationRequiredException("Access denied. Please send authorisation information");
+        ZPush::CheckAdvancedConfig();
+        // Process request headers and look for AS headers
+        Request::ProcessHeaders();
        // Stop here if this is an OPTIONS request
        if (Request::IsMethodOPTIONS()) {
            RequestProcessor::Authenticate();
            throw new NoPostRequestException("Options request", NoPostRequestException::OPTIONS_REQUEST);
        }
-        ZPush::CheckAdvancedConfig();
-        // Process request headers and look for AS headers
-        Request::ProcessHeaders();
        // Check required GET parameters
        if(Request::IsMethodPOST() && (Request::GetCommandCode() === false || !Request::GetDeviceID() || !Request::GetDeviceType()))
            throw new FatalException("Requested the Z-Push URL without the required GET parameters");