Adds @filter as an authentication filter to @domain. The filter
gets a chance to bypass authentication for certain requests that
would otherwise require it. Eg, it might check the message's path
in some way that is too complicated to do via the other methods, or
it might check the message's method, and allow GETs but not PUTs.
The filter function returns %TRUE if the request should still
require authentication, or %FALSE if authentication is unnecessary
for this request.
To help prevent security holes, your filter should return %TRUE by
default, and only return %FALSE under specifically-tested
circumstances, rather than the other way around. Eg, in the example
above, where you want to authenticate PUTs but not GETs, you should
check if the method is GET and return %FALSE in that case, and then
return %TRUE for all other methods (rather than returning %TRUE for
PUT and %FALSE for all other methods). This way if it turned out
(now or later) that some paths supported additional methods besides
GET and PUT, those methods would default to being NOT allowed for
unauthenticated users.
You can also set the filter by setting the %SOUP_AUTH_DOMAIN_FILTER
and %SOUP_AUTH_DOMAIN_FILTER_DATA properties, which can also be
used to set the filter at construct time.
Adds @filter as an authentication filter to @domain. The filter gets a chance to bypass authentication for certain requests that would otherwise require it. Eg, it might check the message's path in some way that is too complicated to do via the other methods, or it might check the message's method, and allow GETs but not PUTs.
The filter function returns %TRUE if the request should still require authentication, or %FALSE if authentication is unnecessary for this request.
To help prevent security holes, your filter should return %TRUE by default, and only return %FALSE under specifically-tested circumstances, rather than the other way around. Eg, in the example above, where you want to authenticate PUTs but not GETs, you should check if the method is GET and return %FALSE in that case, and then return %TRUE for all other methods (rather than returning %TRUE for PUT and %FALSE for all other methods). This way if it turned out (now or later) that some paths supported additional methods besides GET and PUT, those methods would default to being NOT allowed for unauthenticated users.
You can also set the filter by setting the %SOUP_AUTH_DOMAIN_FILTER and %SOUP_AUTH_DOMAIN_FILTER_DATA properties, which can also be used to set the filter at construct time.