From cc652a9476b54cb9ecc267ac039b304ee6899d06 Mon Sep 17 00:00:00 2001
From: Alexei Chetroi
Date: Thu, 2 Aug 2018 08:11:53 -0400
Subject: [PATCH] allow 'same-origin' credentials for fetch() (#1530)
---
 src/auth/ha-auth-flow.js | 2 ++
 src/auth/ha-pick-auth-provider.js | 2 +-
 src/common/auth/fetch_token.js | 1 +
 src/common/auth/refresh_token.js | 1 +
 src/entrypoints/service-worker-hass.js | 1 +
 src/util/hass-translation.js | 2 +-
 6 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/auth/ha-auth-flow.js b/src/auth/ha-auth-flow.js
index a676aad401..1a6455eb3a 100644
--- a/src/auth/ha-auth-flow.js
+++ b/src/auth/ha-auth-flow.js
@@ -72,6 +72,7 @@ class HaAuthFlow extends EventsMixin(PolymerElement) {
 fetch('/auth/login_flow', {
 method: 'POST',
+ credentials: 'same-origin',
 body: JSON.stringify({
 client_id: this.clientId,
 handler: [this.authProvider.type, this.authProvider.id],
@@ -111,6 +112,7 @@ class HaAuthFlow extends EventsMixin(PolymerElement) {
 fetch(`/auth/login_flow/${this._step.flow_id}`, {
 method: 'POST',
+ credentials: 'same-origin',
 body: JSON.stringify(postData)
 }).then((response) => {
 if (!response.ok) throw new Error();
diff --git a/src/auth/ha-pick-auth-provider.js b/src/auth/ha-pick-auth-provider.js
index 2041ee54cf..80591d31d9 100644
--- a/src/auth/ha-pick-auth-provider.js
+++ b/src/auth/ha-pick-auth-provider.js
@@ -53,7 +53,7 @@ class HaPickAuthProvider extends EventsMixin(PolymerElement) {
 connectedCallback() {
 super.connectedCallback();
- fetch('/auth/providers').then((response) => {
+ fetch('/auth/providers', { credentials: 'same-origin' }).then((response) => {
 if (!response.ok) throw new Error();
 return response.json();
 }).then((authProviders) => {
diff --git a/src/common/auth/fetch_token.js b/src/common/auth/fetch_token.js
index 5384410fa7..ac0033755a 100644
--- a/src/common/auth/fetch_token.js
+++ b/src/common/auth/fetch_token.js
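Review bot: The POST to `/auth/login_flow` sends a `JSON.stringify(...)` body without declaring a content type, so the browser labels it `text/plain;charset=UTF-8`; in the second ha-auth-flow.js hunk the whole options object is visible (`method`, `credentials`, `body`) and no `headers` entry is present. Now that these requests also carry cookies and other same-origin credentials, the server side can only insist on JSON for credentialed requests if the client declares it. I would add `headers: { 'Content-Type': 'application/json' },` next to the new `credentials` line in both calls. The options object of the first call continues past the hunk, so a `headers` entry may already exist there; whether the server checks the content type is not visible from this patch.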
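Review bot: The literal `{ credentials: 'same-origin' }` added to the `/auth/providers` call is the same option this patch repeats by hand at six call sites (ha-auth-flow.js twice, fetch_token.js, refresh_token.js, service-worker-hass.js, hass-translation.js), and nothing in the code says why it is needed. A later `fetch()` that forgets it will fall back to the browser default, which on older engines is `'omit'`. One shared helper would keep the policy in a single place, e.g. `const fetchSameOrigin = (url, init = {}) => fetch(url, { ...init, credentials: 'same-origin' });`. It should carry a comment along the lines of `// Older fetch implementations default to credentials: 'omit'; send cookies to our own origin only, never cross-origin.` `connectedCallback` continues outside the hunk.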
@@ -4,6 +4,7 @@ export default function fetchToken(clientId, code) {
 data.append('grant_type', 'authorization_code');
 data.append('code', code);
 return fetch('/auth/token', {
+ credentials: 'same-origin',
 method: 'POST',
 body: data,
 }).then((resp) => {
diff --git a/src/common/auth/refresh_token.js b/src/common/auth/refresh_token.js
index d4b53264a4..30df3ebfa5 100644
--- a/src/common/auth/refresh_token.js
+++ b/src/common/auth/refresh_token.js
@@ -4,6 +4,7 @@ export default function refreshAccessToken(clientId, refreshToken) {
 data.append('grant_type', 'refresh_token');
 data.append('refresh_token', refreshToken);
 return fetch('/auth/token', {
+ credentials: 'same-origin',
 method: 'POST',
 body: data,
 }).then((resp) => {
diff --git a/src/entrypoints/service-worker-hass.js b/src/entrypoints/service-worker-hass.js
index b20ac7a2a0..c60f78f220 100644
--- a/src/entrypoints/service-worker-hass.js
+++ b/src/entrypoints/service-worker-hass.js
@@ -41,6 +41,7 @@ function initPushNotifications() {
 delete payload.data;
 }
 fetch('/api/notify.html5/callback', {
+ credentials: 'same-origin',
 method: 'POST',
 headers: new Headers({ 'Content-Type': 'application/json',
 Authorization: 'Bearer ' + jwt }),
diff --git a/src/util/hass-translation.js b/src/util/hass-translation.js
index 77ad24c7ae..c8f9882cdf 100644
--- a/src/util/hass-translation.js
+++ b/src/util/hass-translation.js
@@ -80,7 +80,7 @@ export function getTranslation(fragment, translationInput) {
 // Create a promise to fetch translation from the server
 if (!translations[translationFingerprint]) {
 translations[translationFingerprint] =
- fetch(`/static/translations/${translationFingerprint}`, { credentials: 'include' })
+ fetch(`/static/translations/${translationFingerprint}`, { credentials: 'same-origin' })
 .then(response => response.json()).then(data => ({
 language: translation,
 data: data,
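Review bot: In the `/api/notify.html5/callback` call the request already sets its own `Authorization: 'Bearer ' + jwt` header, so the browser will not attach HTTP authentication credentials of its own; the new `credentials: 'same-origin'` line therefore only adds cookies (and TLS client certificates) to this request. If the patch is meant to make the front end work behind a proxy that uses HTTP Basic or Digest authentication (an inference, the commit message gives no reason), this callback would still be rejected there. A comment on the new line would record the limitation, e.g. `// cookies only: the explicit Authorization header below replaces browser-managed HTTP auth`. The enclosing function and the rest of the options object lie outside the hunk.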