From aa39f67c0840b9d1a4ddce9937d227801f3f5fd1 Mon Sep 17 00:00:00 2001 From: Adrian Ghisoiu Date: Mon, 13 Oct 2025 21:01:55 +0300 Subject: [PATCH 1/2] fix typo in modules-installation.md --- user_docs/docs/modules-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_docs/docs/modules-installation.md b/user_docs/docs/modules-installation.md index d56e38e355..990cbf70ec 100644 --- a/user_docs/docs/modules-installation.md +++ b/user_docs/docs/modules-installation.md @@ -1,7 +1,7 @@ # Modules Installation -The Modules can be accessed only by admin user who can view view the installed modules, new updates, install new modules or remove the installed ones. +The Modules can be accessed only by admin user who can view the installed modules, new updates, install new modules or remove the installed ones. Clicking the **Modules** in the main menu opens the **Modules** blade: From 8ffa9606184bea1d7989266f1c24fa27d9b89b81 Mon Sep 17 00:00:00 2001 From: Adrian Ghisoiu Date: Mon, 13 Oct 2025 21:04:30 +0300 Subject: [PATCH 2/2] fix url not showin correctly in documentation --- .../authentication/access-token-and-cookie-mixed-auth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_docs/docs/Fundamentals/Security/authentication/access-token-and-cookie-mixed-auth.md b/dev_docs/docs/Fundamentals/Security/authentication/access-token-and-cookie-mixed-auth.md index c31cb0c38a..4ed5327c2e 100644 --- a/dev_docs/docs/Fundamentals/Security/authentication/access-token-and-cookie-mixed-auth.md +++ b/dev_docs/docs/Fundamentals/Security/authentication/access-token-and-cookie-mixed-auth.md @@ -1,5 +1,5 @@  -Along with JWT access token, Virto manager also uses cookie-based authentication. This additional check is necessary because it is impossible to intercept and inject Authorization header with the token bearer for all API calls requested other than through the [$http](https://docs.angularjs.org/api/ng/service/$http) service. These calls can be produced by other third-party JS components; direct http links and cookie-based authorization are used to solve this problem. +Along with JWT access token, Virto manager also uses cookie-based authentication. This additional check is necessary because it is impossible to intercept and inject Authorization header with the token bearer for all API calls requested other than through the [$http](https://docs.angularjs.org/api/ng/service/%24http) service. These calls can be produced by other third-party JS components; direct http links and cookie-based authorization are used to solve this problem. When the user is authorized in the platform, the system intersects all user permissions with the permissions in the `Authorization:LimitedCookiePermissions` configuration section and adds them into cookies along with issuing the JWT token. When the user makes a request to the platform, they are challenged against the helper cookie and the authentication token in accordance with the following rules: