On Sat, Sep 18, 2021 at 3:55 PM Demi Marie Obenour
<demiobenour(a)gmail.com> wrote:
On 9/18/21 3:10 AM, Mattia Verga via devel wrote:
> On 17/09/21 14:07, Ben Cotton wrote:
>> I'm passing along a lightly-edited announcement from the Red Hat
>> Bugzilla admins. You may have noticed this change already. The short
>> version is that the search API now defaults to returning 20 bugs, but
>> authenticated calls can request up to 1000.
>>
> Is there a safe way to authenticate a jquery ajax call without exposing
> the api token?
>
> Background: Bodhi uses a javascript call to populate the list of bugs
> associated to a package when creating a new update in the web UI form.
> For some packages this is now broken (for example, kernel package has
> over a thousand bugs, but as now Bodhi form will only show the first 20).
>
> I know that authentication to Bugzilla REST service can be done by
> sending an Authentication header in the request. But adding that to
> javascript code wouldn't mean to expose the API token to all? I'm a bit
> confused how to accomplish that. At the moment, Bodhi uses no
> authentication at all, but that would mean to fetch bugs by steps of 20
> (and for some packages this is way too small as it would end in sending
> **a lot** of requests).
Can the requests be performed concurrently? With HTTP/2
and HTTP/3, sending lots of concurrent requests is cheap.
That may cause problems server-side, though. None of our services are
HTTP/2 or HTTP/3 aware/optimized, so they will not be prepared for the
load.
--
真実はいつも一つ!/ Always, there's only one truth!