Drop ad-hoc TLS requirement from JWT and Password auth (#7231)

geldata · Apr 19, 2024 · 54f39c0 · 54f39c0
1 parent d82e14f
commit 54f39c0
Showing 1 changed file with 0 additions and 8 deletions.
diff --git a/edb/server/protocol/protocol.pyx b/edb/server/protocol/protocol.pyx
@@ -877,17 +877,9 @@ cdef class HttpProtocol:
                     # If the auth method and the provided auth information
                     # match, try to resolve the authentication.
                     if authmethod_name == 'JWT' and scheme == 'bearer':
-                        if not self.is_tls:
-                            raise errors.AuthenticationError(
-                                'JWT HTTP auth must use HTTPS')
-
                         auth_helpers.auth_jwt(
                             self.tenant, auth_payload, username, dbname)
                     elif authmethod_name == 'Password' and scheme == 'basic':
-                        if not self.is_tls:
-                            raise errors.AuthenticationError(
-                                'Basic HTTP auth must use HTTPS')
-
                         auth_helpers.auth_basic(
                             self.tenant, username, opt_password)
                     elif authmethod_name == 'Trust':