Do not override `withCredentials` params when set

5 years ago · f921d3698f
parent 1aa644ebd8
commit f921d3698f
3 changed files with 24 additions and 15 deletions
--- a/frontend/src/app/components/work-packages/work-package.service.ts
+++ b/frontend/src/app/components/work-packages/work-package.service.ts
@ -56,7 +56,10 @@ export class WorkPackageService {
      'ids[]': ids
    };
    const promise = this.http
-      .delete(this.PathHelper.workPackagesBulkDeletePath(), {params: params})
+      .delete(
+        this.PathHelper.workPackagesBulkDeletePath(),
+        {params: params, withCredentials: true}
+      )
      .toPromise();

    if (defaultHandling) {
--- a/frontend/src/app/modules/hal/dm-services/query-order-dm.service.ts
+++ b/frontend/src/app/modules/hal/dm-services/query-order-dm.service.ts
@ -51,7 +51,8 @@ export class QueryOrderDmService {
    return this.http
      .patch(
        this.orderPath(id),
-        { delta: delta }
+        { delta: delta },
+        { withCredentials: true }
      )
      .toPromise()
      .then((response:{t:string}) => response.t);
--- a/frontend/src/app/modules/hal/http/openproject-header-interceptor.ts
+++ b/frontend/src/app/modules/hal/http/openproject-header-interceptor.ts
@ -10,6 +10,8 @@ export class OpenProjectHeaderInterceptor implements HttpInterceptor {
  intercept(req:HttpRequest<any>, next:HttpHandler):Observable<HttpEvent<any>> {
    const csrf_token:string|undefined = jQuery('meta[name=csrf-token]').attr('content');

+    if (req.withCredentials !== false) {
+
      let newHeaders = req.headers
        .set('X-Authentication-Scheme', 'Session')
        .set('X-Requested-With', 'XMLHttpRequest');
@ -27,4 +29,7 @@ export class OpenProjectHeaderInterceptor implements HttpInterceptor {
      // Pass the cloned request instead of the original request to the next handle
      return next.handle(clonedRequest);
    }
+
+    return next.handle(req);
+  }
 }