Revert "Fix Firefox export authentication issue"
This reverts commit d8f38397ed8394e882d9027d258f1577ac4b9f6c.
No longer needed with current Kalamar v0.64.
Change-Id: Ib2ecd3fd50d038402415fd40c70b0680ad91e38d
diff --git a/src/main/java/de/ids_mannheim/korap/plkexport/Service.java b/src/main/java/de/ids_mannheim/korap/plkexport/Service.java
index c7d5826..61a4564 100644
--- a/src/main/java/de/ids_mannheim/korap/plkexport/Service.java
+++ b/src/main/java/de/ids_mannheim/korap/plkexport/Service.java
@@ -16,7 +16,7 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-
+import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.FormParam;
@@ -143,8 +143,7 @@
int hitc,
EventOutput eventOutput,
boolean randomizePageOrder,
- long seed,
- String authToken
+ long seed
) throws WebApplicationException {
// These parameters are mandatory
@@ -224,11 +223,6 @@
auth = authFromCookie(servletReq);
};
-
- // Override auth if provided
- if ((auth == null || auth.isEmpty()) && authToken != null) {
- auth = authToken;
- }
String resp;
WebTarget resource;
@@ -461,7 +455,7 @@
boolean randomize = "true".equals(randomizePageOrderStr);
- Exporter exp = export(fname, format, q, cq, ql, cutoffStr, hitc, null, randomize, seed, null);
+ Exporter exp = export(fname, format, q, cq, ql, cutoffStr, hitc, null, randomize, seed);
return exp.serve().build();
};
@@ -501,8 +495,7 @@
@QueryParam("cutoff") String cutoffStr,
@QueryParam("hitc") int hitc,
@QueryParam("randomizePageOrder") String randomizePageOrderStr,
- @DefaultValue("42") @QueryParam("seed") long seed,
- @QueryParam("auth") String authToken
+ @DefaultValue("42") @QueryParam("seed") long seed
) throws InterruptedException {
boolean randomize = "true".equals(randomizePageOrderStr);
@@ -530,7 +523,7 @@
eventBuilder.data("init");
eventOutput.write(eventBuilder.build());
Exporter exp = export(
- fname, format, q, cq, ql, cutoffStr, hitc, eventOutput, randomize, seed, authToken
+ fname, format, q, cq, ql, cutoffStr, hitc, eventOutput, randomize, seed
);
if (eventOutput.isClosed())
@@ -584,63 +577,17 @@
t.start();
// t.join();
- String origin = prop.getProperty("server.origin", "*");
- String reqOrigin = null;
+ String origin = prop.getProperty("server.origin","*");
if (servletReq != null) {
- reqOrigin = servletReq.getHeader("Origin");
-
- // Treat "null" string (sent by browsers for privacy/sandboxing) same as missing
- if (reqOrigin != null && reqOrigin.equals("null")) {
- reqOrigin = null;
- }
-
- // If Origin is missing, try to construct it from the request (for same-origin)
- if (reqOrigin == null || reqOrigin.isEmpty()) {
- String host = servletReq.getHeader("Host");
- String scheme = servletReq.getScheme();
-
- // Check X-Forwarded-Proto for proxy scenarios
- String forwardedProto = servletReq.getHeader("X-Forwarded-Proto");
- if (forwardedProto != null) {
- scheme = forwardedProto;
- }
-
- if (host != null) {
- reqOrigin = scheme + "://" + host;
- }
- }
+ // This is temporary to allow for session riding
+ origin = servletReq.getHeader("Origin");
+ };
- // Fallback: If still no origin, try Referer
- if (reqOrigin == null || reqOrigin.isEmpty()) {
- String referer = servletReq.getHeader("Referer");
- if (referer != null) {
- try {
- java.net.URI refUri = java.net.URI.create(referer);
- if (refUri.getScheme() != null && refUri.getAuthority() != null) {
- reqOrigin = refUri.getScheme() + "://" + refUri.getAuthority();
- }
- } catch (Exception e) {
- // Ignore invalid/missing referer
- }
- }
- }
- }
-
- if (reqOrigin != null && !reqOrigin.isEmpty()) {
- origin = reqOrigin;
- }
-
- ResponseBuilder builder = Response.ok(eventOutput, String.valueOf(SseFeature.SERVER_SENT_EVENTS_TYPE))
- .header("Vary", "Origin");
-
- // Always use specific origin (echoed or fallback) with Credentials=true
- // This supports both cookie-based and token-based auth securely
- if (!origin.equals("*")) {
- builder.header("Access-Control-Allow-Origin", origin);
- builder.header("Access-Control-Allow-Credentials", "true");
- }
-
- return builder.build();
+ return Response.ok(eventOutput, String.valueOf(SseFeature.SERVER_SENT_EVENTS_TYPE))
+ .header("Access-Control-Allow-Origin", origin)
+ .header("Access-Control-Allow-Credentials", "true")
+ .header("Vary","Origin")
+ .build();
};
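Review bot: The added `origin = servletReq.getHeader("Origin");` discards the configured `server.origin` and echoes whatever origin the request claims, and the response always pairs it with `Access-Control-Allow-Credentials: true`, so any web page can read the cookie-authenticated event stream cross-origin. Two edge cases are also unhandled: a request without an `Origin` header leaves `origin` null, and a null `servletReq` sends `*` together with credentials, which browsers refuse. Echoing the request origin only when it equals the configured value would close this, assuming `server.origin` holds a single origin, which is not visible here. The comment "This is temporary to allow for session riding" should name the condition under which the echo is removed. The enclosing method starts outside the hunk.
```java
// … unchanged: t.start() …
String allowed = prop.getProperty("server.origin", "*");
String reqOrigin = (servletReq != null) ? servletReq.getHeader("Origin") : null;

ResponseBuilder builder = Response
    .ok(eventOutput, String.valueOf(SseFeature.SERVER_SENT_EVENTS_TYPE))
    .header("Vary", "Origin");

// Credentials are only offered to the configured origin, never to "*" or an unchecked echo
if (!"*".equals(allowed) && allowed.equals(reqOrigin)) {
    builder.header("Access-Control-Allow-Origin", allowed)
           .header("Access-Control-Allow-Credentials", "true");
}
return builder.build();
```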
@@ -769,17 +716,13 @@
for (int i = 0; i < cookies.length; i++) {
// Check the valid name and ignore irrelevant cookies
- boolean match = false;
- // Strict match if configured
- if (!cookieName.isEmpty() && cookies[i].getName().equals(cookieName)) {
- match = true;
- }
- // Prefix match (fallback or default)
- else if (cookies[i].getName().startsWith("kalamar")) {
- match = true;
- }
-
- if (!match) continue;
+ if (cookieName == "") {
+ if (!cookies[i].getName().equals("kalamar")) {
+ continue;
+ }
+ } else if (!cookies[i].getName().equals(cookieName)) {
+ continue;
+ };
// Get the value
String b64 = cookies[i].getValue();
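Review bot: `if (cookieName == "") {` compares object references, not string contents, so it is true only when `cookieName` happens to be the interned empty literal. If the value is read from a properties file at runtime (its assignment is outside this hunk), an empty setting would fall into the `else` branch, where `equals(cookieName)` matches no cookie and the authentication cookie is silently never picked up. The removed side used a content check; the same check fits here as `if (cookieName.isEmpty()) {`. The loop body continues outside the hunk.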
@@ -915,7 +858,7 @@
}
private Locale getPreferredSupportedLocale() throws IOException {
- Locale fallback = Locale.forLanguageTag("en");
+ Locale fallback = new Locale("en");
if (req != null) {
for (Locale l : req.getAcceptableLanguages()) {
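Review bot: `Locale fallback = new Locale("en");` goes back to the `Locale(String)` constructor, which is deprecated since Java 19 and will produce a deprecation warning on newer JDKs. The replaced line `Locale fallback = Locale.forLanguageTag("en");` yields the same locale and has been available since Java 7, so it could stay even with the rest of the revert applied. The method body continues outside the hunk.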
diff --git a/src/main/resources/assets/export.js b/src/main/resources/assets/export.js
index 0220849..af5ae84 100644
--- a/src/main/resources/assets/export.js
+++ b/src/main/resources/assets/export.js
@@ -3,19 +3,6 @@
function pluginit(P) {
// Request query params from the embedding window
- let authToken = null;
- P.requestMsg(
- {
- 'action':'get',
- 'key':'User'
- },
- function (d) {
- if (d.value && d.value.auth) {
- authToken = d.value.auth;
- };
- }
- );
-
P.requestMsg(
{
'action':'get',
@@ -108,10 +95,6 @@
};
};
- if (authToken) {
- query.append("auth", authToken);
- };
-
reqStream(url.href);
return false;
};
@@ -135,12 +118,8 @@
prog.style.display = "none";
sse.close();
window.Plugin.resize();
- let msg = "Connection error";
- if (e.data !== undefined) {
- msg = e.data;
- };
- console.log(msg);
- window.Plugin.log(0, msg);
+ console.log(e.data);
+ window.Plugin.log(0, e.data);
};
sse.addEventListener('Error', err);
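Review bot: `window.Plugin.log(0, e.data);` passes `undefined` to the plugin log whenever the event carries no `data`, which is the case for the browser's own EventSource connection errors if `err` is also wired to them (only the custom `'Error'` listener is visible in this hunk). The user then gets an empty or "undefined" message instead of a reason for the failed export. A one-line fallback keeps the log readable: `const msg = e.data !== undefined ? e.data : "Connection error";` and log `msg` in both calls.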