u.schuster
released this
2026-04-25 20:30:05 +02:00
| 21 commits to main since this release
46971ac: AuthInterceptor strips the query string from the request-target
before passing the path to IAuthPolicy::isPublicPath(). Closes a regression
where /set-password?token=… (and any other public path with query args)
was rejected with 401.abf6153: AuthInterceptor returns HTML or a 302 redirect for browser
navigations instead of the legacy raw JSON 401/403. JSON callers
(path /api/*, X-Requested-With, Accept: application/json) keep the
JSON response. New IAuthPolicy::unauthenticatedRedirect(path) hook
lets consumers send browsers to a login/landing page.- Bootstraps a CMake test harness gated by OATPP_AUTHKIT_BUILD_TESTS.
Downloads