feat: ability to enable xhr creds when cross-site

Mohamed Nur · Mohamed Nur · commit 4cea46ffd504 · 2022-05-17T11:04:55.000-04:00
Signed-off-by: Mohamed Nur &lt;mohamed.nur@cds-snc.ca&gt;
diff --git a/public/static/config.json b/public/static/config.json
@@ -1,5 +1,6 @@
 {
   "API_BASE_URL": "",
+  "API_WITH_CREDENTIALS": false,
   "OIDC_ISSUER": "",
   "OIDC_CLIENT_ID": "",
   "OIDC_SCOPE": "openid email profile",
diff --git a/src/App.vue b/src/App.vue
@@ -38,6 +38,16 @@
 
       setJwtForAjax(getToken());
 
+      // Enable credentialed cross-site Access-Control requests
+      if (this.$api.WITH_CREDENTIALS){
+        this.axios.interceptors.request.use(
+          function(config) {
+            config.withCredentials = true;
+            return config;
+          }
+        );
+      }
+
       // debug logging of ajax requests/responses
       if (getUrlVar('debug')) {
         $(document).ajaxComplete((event, xhr) => {
diff --git a/src/main.js b/src/main.js
@@ -44,6 +44,10 @@ axios.get(contextPath + "/static/config.json").then(response => {
   } else {
     Vue.prototype.$api.BASE_URL = contextPath;
   }
+
+  // XHR cross-site cookie credentials
+  Vue.prototype.$api.WITH_CREDENTIALS = response.data.API_WITH_CREDENTIALS;
+
   // OpenID Connect
   Vue.prototype.$oidc.ISSUER = response.data.OIDC_ISSUER;
   Vue.prototype.$oidc.CLIENT_ID = response.data.OIDC_CLIENT_ID;

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"API_BASE_URL": "",`
	`3`	`+ "API_WITH_CREDENTIALS": false,`
`3`	`4`	`"OIDC_ISSUER": "",`
`4`	`5`	`"OIDC_CLIENT_ID": "",`
`5`	`6`	`"OIDC_SCOPE": "openid email profile",`