TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not override `withCredentials` params when set

Browse Source
pull/7878/head
Henriette Dinger 5 years ago committed by Oliver Günther
parent 1aa644ebd8
commit f921d3698f
No known key found for this signature in database
GPG Key ID: A3A8BDAD7C0C552C
3 changed files with 24 additions and 15 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      frontend/src/app/components/work-packages/work-package.service.ts
  2. 3
      frontend/src/app/modules/hal/dm-services/query-order-dm.service.ts
  3. 31
      frontend/src/app/modules/hal/http/openproject-header-interceptor.ts

5
frontend/src/app/components/work-packages/work-package.service.ts
Unescape View File

@ -56,7 +56,10 @@ export class WorkPackageService {
'ids[]': ids 'ids[]': ids
}; };
const promise = this.http const promise = this.http
.delete(this.PathHelper.workPackagesBulkDeletePath(), {params: params}) .delete(
this.PathHelper.workPackagesBulkDeletePath(),
{params: params, withCredentials: true}
)
.toPromise(); .toPromise();
if (defaultHandling) { if (defaultHandling) {

3
frontend/src/app/modules/hal/dm-services/query-order-dm.service.ts
Unescape View File

@ -51,7 +51,8 @@ export class QueryOrderDmService {
return this.http return this.http
.patch( .patch(
this.orderPath(id), this.orderPath(id),
{ delta: delta } { delta: delta },
{ withCredentials: true }
) )
.toPromise() .toPromise()
.then((response:{t:string}) => response.t); .then((response:{t:string}) => response.t);

31
frontend/src/app/modules/hal/http/openproject-header-interceptor.ts
Unescape View File

@ -10,21 +10,26 @@ export class OpenProjectHeaderInterceptor implements HttpInterceptor {
intercept(req:HttpRequest<any>, next:HttpHandler):Observable<HttpEvent<any>> { intercept(req:HttpRequest<any>, next:HttpHandler):Observable<HttpEvent<any>> {
const csrf_token:string|undefined = jQuery('meta[name=csrf-token]').attr('content'); const csrf_token:string|undefined = jQuery('meta[name=csrf-token]').attr('content');
let newHeaders = req.headers if (req.withCredentials !== false) {
.set('X-Authentication-Scheme', 'Session')
.set('X-Requested-With', 'XMLHttpRequest');
if (csrf_token) { let newHeaders = req.headers
newHeaders = newHeaders.set('X-CSRF-TOKEN', csrf_token); .set('X-Authentication-Scheme', 'Session')
} .set('X-Requested-With', 'XMLHttpRequest');
if (csrf_token) {
newHeaders = newHeaders.set('X-CSRF-TOKEN', csrf_token);
}
// Clone the request to add the new header // Clone the request to add the new header
const clonedRequest = req.clone({ const clonedRequest = req.clone({
withCredentials: true, withCredentials: true,
headers: newHeaders headers: newHeaders
}); });
// Pass the cloned request instead of the original request to the next handle
return next.handle(clonedRequest);
}
// Pass the cloned request instead of the original request to the next handle return next.handle(req);
return next.handle(clonedRequest);
} }
} }

Write Preview
Loading…
Cancel
Save