fix: pass csrf token on doi/manuscript fetch and clean up withCredent…

…ials (#1281) * fix: pass csrf token on doi/manuscript fetch * remove unnecessary withCredentials - withCredentials is not part of the fetch api and was just being ignored * clean up
eclipse-pass · Jul 8, 2024 · 9c34079 · 9c34079
1 parent 0964c95
commit 9c34079
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 7 deletions.
diff --git a/app/adapters/application.js b/app/adapters/application.js
@@ -13,7 +13,6 @@ export default class ApplicationAdapter extends JSONAPIAdapter {
 
   get headers() {
     return {
-      withCredentials: true,
       'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
     };
   }

diff --git a/app/components/workflow-files/index.js b/app/components/workflow-files/index.js
@@ -94,7 +94,6 @@ export default class WorkflowFiles extends Component {
   async uploadFile(FileUpload) {
     try {
       const response = await FileUpload.upload(ENV.fileServicePath, {
-        withCredentials: true,
         headers: {
           'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
         },

diff --git a/app/services/doi.js b/app/services/doi.js
@@ -31,7 +31,6 @@ export default class DoiService extends Service {
     let rawResponse = yield fetch(url, {
       headers: {
         Accept: 'application/json; charset=utf-8',
-        withCredentials: 'include',
         'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
       },
     });

diff --git a/app/services/metadata-schema.js b/app/services/metadata-schema.js
@@ -72,6 +72,7 @@ export default class MetadataSchemaService extends Service {
       method: 'GET',
       headers: {
         'Content-Type': 'application/json; charset=utf-8',
+        'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
       },
     };
 

diff --git a/app/services/oa-manuscript-service.js b/app/services/oa-manuscript-service.js
@@ -28,7 +28,13 @@ export default class OAManuscriptService extends Service {
 
     const url = `${this.lookUpPath}?doi=${doi}`;
 
-    return fetch(url, { method: 'GET' })
+    return fetch(url, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json; charset=utf-8',
+        'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
+      },
+    })
       .then((resp) => {
         if (resp.status !== 200) {
           console.log(`%cFailed to lookup files for DOI (${doi}). Reason: "${resp.message}"`, 'color: red;');

diff --git a/app/services/policies.js b/app/services/policies.js
@@ -32,8 +32,7 @@ export default class PoliciesService extends Service {
     const result = await fetch(url, {
       method: 'GET',
       headers: {
-        // 'Content-Type': 'application/json'
-        credentials: 'include',
+        'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
       },
     });
 
@@ -86,7 +85,7 @@ export default class PoliciesService extends Service {
     const response = yield fetch(url, {
       method: 'GET',
       headers: {
-        credentials: 'include',
+        'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
       },
     });