Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-09-14 02:08:50 +02:00
Code Issues Projects Releases Wiki Activity

on alter token header if not self hosted

Browse Source
This commit is contained in:
Kyle Spearrin 2017-10-03 22:29:01 -04:00
parent a132ec4fd7
commit 1bb6244337
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/app/config.js
View File

@ -13,19 +13,20 @@ angular
$locationProvider.hashPrefix('');
var jwtConfig = {
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
authHeader: 'Content-Language',
whiteListedDomains: appSettings.whitelistDomains
};
// Safari doesn't work with unconventional "Content-Language" header for CORS.
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
var userAgent = navigator.userAgent.toLowerCase();
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
jwtConfig = {
urlParam: 'access_token',
whiteListedDomains: appSettings.whitelistDomains
};
if (!appSettings.selfHosted) {
var userAgent = navigator.userAgent.toLowerCase();
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
// Safari doesn't work with unconventional "Content-Language" header for CORS.
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
jwtConfig.urlParam = 'access_token';
}
else {
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
jwtConfig.authHeader = 'Content-Language';
}
}
jwtOptionsProvider.config(jwtConfig);