On 17/09/21 14:07, Ben Cotton wrote:
I'm passing along a lightly-edited announcement from the Red Hat
Bugzilla admins. You may have noticed this change already. The short
version is that the search API now defaults to returning 20 bugs, but
authenticated calls can request up to 1000.
Is there a safe way to authenticate a jquery ajax call without exposing
the api token?
Background: Bodhi uses a javascript call to populate the list of bugs
associated to a package when creating a new update in the web UI form.
For some packages this is now broken (for example, kernel package has
over a thousand bugs, but as now Bodhi form will only show the first 20).
I know that authentication to Bugzilla REST service can be done by
sending an Authentication header in the request. But adding that to
javascript code wouldn't mean to expose the API token to all? I'm a bit
confused how to accomplish that. At the moment, Bodhi uses no
authentication at all, but that would mean to fetch bugs by steps of 20
(and for some packages this is way too small as it would end in sending
**a lot** of requests).
Mattia