On 9/18/21 3:10 AM, Mattia Verga via devel wrote:
On 17/09/21 14:07, Ben Cotton wrote:
> I'm passing along a lightly-edited announcement from the Red Hat
> Bugzilla admins. You may have noticed this change already. The short
> version is that the search API now defaults to returning 20 bugs, but
> authenticated calls can request up to 1000.
>
Is there a safe way to authenticate a jquery ajax call without exposing
the api token?
Background: Bodhi uses a javascript call to populate the list of bugs
associated to a package when creating a new update in the web UI form.
For some packages this is now broken (for example, kernel package has
over a thousand bugs, but as now Bodhi form will only show the first 20).
I know that authentication to Bugzilla REST service can be done by
sending an Authentication header in the request. But adding that to
javascript code wouldn't mean to expose the API token to all? I'm a bit
confused how to accomplish that. At the moment, Bodhi uses no
authentication at all, but that would mean to fetch bugs by steps of 20
(and for some packages this is way too small as it would end in sending
**a lot** of requests).
Can the requests be performed concurrently? With HTTP/2
and HTTP/3, sending lots of concurrent requests is cheap.
Sincerely,
Demi