From fd69163e52b0beb1c52ab60df7ca7510552badc3 Mon Sep 17 00:00:00 2001 From: Ziling Zhao Date: Wed, 13 Jul 2016 20:27:33 -0700 Subject: [PATCH] allow setting withCredentials in spf xhr options * forward withCerdentials in spf.nav.request.send * thread through nav.load --- src/api.js | 7 +++++++ src/client/base.js | 4 +++- src/client/nav/nav.js | 3 ++- src/client/nav/request.js | 9 ++++++++- src/client/net/xhr.js | 8 +++++++- 5 files changed, 27 insertions(+), 4 deletions(-) diff --git a/src/api.js b/src/api.js index 08637efd..e64d08c0 100644 --- a/src/api.js +++ b/src/api.js @@ -325,6 +325,13 @@ spf.RequestOptions.prototype.onDone; spf.RequestOptions.prototype.postData; +/** + * Optional flag to configure the XHR to send withCredentials or not. + * @type {boolean|undefined} + */ +spf.RequestOptions.prototype.withCredentials; + + /** * Definition of CustomEvents dispatched by SPF. * @interface diff --git a/src/client/base.js b/src/client/base.js index 21ba2609..9d7e38bf 100644 --- a/src/client/base.js +++ b/src/client/base.js @@ -285,6 +285,7 @@ spf.MultipartResponse; * - onRequest: optional callback when a request will be made. * - postData: optional data to send with a request. Only used if the method * is set to "POST". + * - withCredentials: optional flag to send credentials if true. * * @typedef {{ * headers: (Object.|undefined), @@ -295,7 +296,8 @@ spf.MultipartResponse; * onPartProcess: (function(spf.EventDetail)|undefined), * onProcess: (function(spf.EventDetail)|undefined), * onRequest: (function(spf.EventDetail)|undefined), - * postData: (ArrayBuffer|Blob|Document|FormData|null|string|undefined) + * postData: (ArrayBuffer|Blob|Document|FormData|null|string|undefined), + * withCredentials: (boolean|undefined) * }} */ spf.RequestOptions; diff --git a/src/client/nav/nav.js b/src/client/nav/nav.js index 9a989e55..85a9c245 100644 --- a/src/client/nav/nav.js +++ b/src/client/nav/nav.js @@ -983,7 +983,8 @@ spf.nav.load_ = function(url, options, info) { onError: handleError, onSuccess: handleSuccess, postData: options['postData'], - type: info.type + type: info.type, + withCredentials: options['withCredentials'] }); }; diff --git a/src/client/nav/request.js b/src/client/nav/request.js index 19c21c17..4c93f57f 100644 --- a/src/client/nav/request.js +++ b/src/client/nav/request.js @@ -52,6 +52,7 @@ goog.require('spf.url'); * alter the URL identifier and XHR header and used to determine whether * the global "navigation received" callback is executed; defaults to * "request". + * - withCredentials: optional flag to send credentials if true. * * @typedef {{ * method: (string|undefined), @@ -65,7 +66,8 @@ goog.require('spf.url'); * postData: spf.net.xhr.PostData, * current: (string|null|undefined), * referer: (string|null|undefined), - * type: (string|undefined) + * type: (string|undefined), + * withCredentials: (boolean|undefined) * }} */ spf.nav.request.Options; @@ -194,6 +196,11 @@ spf.nav.request.send = function(url, opt_options) { onDone: handleComplete, onTimeout: handleComplete }; + + if (options.withCredentials) { + xhrOpts.withCredentials = options.withCredentials; + } + // As an advanced option, allow XHR requests to enforce JSON responses. // This can make response parsing more efficient by reducing contention on // the main thread (especially for very large responses), but as a diff --git a/src/client/net/xhr.js b/src/client/net/xhr.js index 41077656..1e363fd6 100644 --- a/src/client/net/xhr.js +++ b/src/client/net/xhr.js @@ -30,6 +30,7 @@ goog.require('spf'); * - responseType: type to create from the XHR response. * - timeoutMs: number of milliseconds after which the request will be timed * out by the client. Default is to allow the browser to handle timeouts. + * - withCredentials: optional flag to send credentials if true. * * @typedef {{ * headers: (Object.|undefined), @@ -38,7 +39,8 @@ goog.require('spf'); * onHeaders: (function(XMLHttpRequest)|undefined), * onTimeout: (function(XMLHttpRequest)|undefined), * responseType: (string|undefined), - * timeoutMs: (number|undefined) + * timeoutMs: (number|undefined), + * withCredentials: (boolean|undefined) * }} */ spf.net.xhr.Options; @@ -151,6 +153,10 @@ spf.net.xhr.send = function(method, url, data, opt_options) { xhr.responseType = 'json'; } + if (options.withCredentials) { + xhr.withCredentials = options.withCredentials; + } + // For POST, default to `Content-Type: application/x-www-form-urlencoded` // unless a custom header was given. var isFormData = ('FormData' in window && data instanceof FormData);