From c06cc60b9045fb8eceeaa79c13a2db0c82309d86 Mon Sep 17 00:00:00 2001 From: John Cowen Date: Thu, 1 Sep 2022 18:15:06 +0100 Subject: [PATCH] ui: Use credentials for all HTTP API requests (#14343) Adds withCredentials/credentials to all HTTP API requests. --- .changelog/14343.txt | 4 ++++ ui/packages/consul-ui/app/services/client/http.js | 1 + ui/packages/consul-ui/app/utils/http/xhr.js | 1 + 3 files changed, 6 insertions(+) create mode 100644 .changelog/14343.txt diff --git a/.changelog/14343.txt b/.changelog/14343.txt new file mode 100644 index 0000000000..94e7432b44 --- /dev/null +++ b/.changelog/14343.txt @@ -0,0 +1,4 @@ +```release-note:feature +ui: Use withCredentials for all HTTP API requests +``` + diff --git a/ui/packages/consul-ui/app/services/client/http.js b/ui/packages/consul-ui/app/services/client/http.js index 6d3659c22c..9b77365019 100644 --- a/ui/packages/consul-ui/app/services/client/http.js +++ b/ui/packages/consul-ui/app/services/client/http.js @@ -210,6 +210,7 @@ export default class HttpService extends Service { return this.settings.findBySlug('token').then(token => { return fetch(`${path}`, { ...params, + credentials: 'include', headers: { 'X-Consul-Token': typeof token.SecretID === 'undefined' ? '' : token.SecretID, ...params.headers, diff --git a/ui/packages/consul-ui/app/utils/http/xhr.js b/ui/packages/consul-ui/app/utils/http/xhr.js index cbdea6411f..8ef24a0194 100644 --- a/ui/packages/consul-ui/app/utils/http/xhr.js +++ b/ui/packages/consul-ui/app/utils/http/xhr.js @@ -27,6 +27,7 @@ export default function(parseHeaders, XHR) { }; Object.entries(headers).forEach(([key, value]) => xhr.setRequestHeader(key, value)); options.beforeSend(xhr); + xhr.withCredentials = true; xhr.send(options.body); return xhr; };