On 17/09/21 14:07, Ben Cotton wrote: > I'm passing along a lightly-edited announcement from the Red Hat > Bugzilla admins. You may have noticed this change already. The short > version is that the search API now defaults to returning 20 bugs, but > authenticated calls can request up to 1000. > Is there a safe way to authenticate a jquery ajax call without exposing the api token? Background: Bodhi uses a javascript call to populate the list of bugs associated to a package when creating a new update in the web UI form. For some packages this is now broken (for example, kernel package has over a thousand bugs, but as now Bodhi form will only show the first 20). I know that authentication to Bugzilla REST service can be done by sending an Authentication header in the request. But adding that to javascript code wouldn't mean to expose the API token to all? I'm a bit confused how to accomplish that. At the moment, Bodhi uses no authentication at all, but that would mean to fetch bugs by steps of 20 (and for some packages this is way too small as it would end in sending **a lot** of requests). Mattia _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
