From cb70f4882f93f7b95fcb04e7b9e05ea5edf1cb13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Tue, 13 Jul 2021 09:43:25 +0000
Subject: [PATCH] add todo for x-access-header handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 proxy/pkg/middleware/account_resolver.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/proxy/pkg/middleware/account_resolver.go b/proxy/pkg/middleware/account_resolver.go
index 12262a5b7..e7d6aed68 100644
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -56,6 +56,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	ctx := req.Context()
 	claims := oidc.FromContext(ctx)
 	u, ok := revauser.ContextGetUser(ctx)
+	// TODO what if an X-Access-Token is set? happens eg for download requests to the /data endpoint in the reva frontend
 
 	if claims == nil && !ok {
 		m.next.ServeHTTP(w, req)