Commit 903eb914 authored by Martin Lowe's avatar Martin Lowe 🇨🇦
Browse files

Merge branch 'zhoufang/dev/392' into 'dev'

#392 Updated logic on adding CSRF for API calls

See merge request !458
parents c14b844c 3d4640b4
Pipeline #1719 passed with stage
in 0 seconds
......@@ -737,13 +737,8 @@ export const focusOnInvalidField = () => {
};
export const fetchWrapper = (url, method, callbackFunc, dataBody, errCallbackFunc) => {
const shouldExcludeCSRF =
url.includes('https://newsroom.eclipse.org/api/resources') ||
url.includes('https://api.eclipse.org/public/member/') ||
url.includes('https://projects.eclipse.org/api/projects') ||
url.includes('https://api.eclipse.org/cbi/sponsorships');
let requestHeader = shouldExcludeCSRF ? FETCH_HEADER_WITHOUT_CSRF : FETCH_HEADER;
const shouldIncludeCSRF = url[0] === '/';
let requestHeader = shouldIncludeCSRF ? FETCH_HEADER : FETCH_HEADER_WITHOUT_CSRF;
if (url.includes('/logos') && method === 'POST') {
requestHeader = { 'x-csrf-token': FETCH_HEADER['x-csrf-token'] };
......@@ -757,7 +752,7 @@ export const fetchWrapper = (url, method, callbackFunc, dataBody, errCallbackFun
.then((res) => {
if (res.ok) {
// DELETE and 204 won't return response data, so don't do json()
return method === 'DELETE' || method === 'POST' || res.status === 204 ? res : res.json();
return method === 'DELETE' || method === 'POST' || res.status === 204 ? res : res.json();
}
throw res.status;
})
......@@ -773,8 +768,7 @@ export const fetchWrapper = (url, method, callbackFunc, dataBody, errCallbackFun
export const fetchWrapperPagination = async (url, i, callbackFunc) => {
let data = [];
const shouldIncludeCSRF = url.includes('/contacts');
const shouldIncludeCSRF = url[0] === '/';
const requestHeader = shouldIncludeCSRF ? FETCH_HEADER : FETCH_HEADER_WITHOUT_CSRF;
const getData = async () => {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment