mirror of https://github.com/bitwarden/browser.git synced 2024-12-31 17:57:43 +01:00

on alter token header if not self hosted

Kyle Spearrin 2017-10-03 22:29:01 -04:00
parent a132ec4fd7
commit 1bb6244337


@ -13,19 +13,20 @@ angular
$locationProvider.hashPrefix(''); $locationProvider.hashPrefix('');
var jwtConfig = { var jwtConfig = {
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
authHeader: 'Content-Language',
whiteListedDomains: appSettings.whitelistDomains whiteListedDomains: appSettings.whitelistDomains
}; };
// Safari doesn't work with unconventional "Content-Language" header for CORS. if (!appSettings.selfHosted) {
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
var userAgent = navigator.userAgent.toLowerCase(); var userAgent = navigator.userAgent.toLowerCase();
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) { if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
jwtConfig = { // Safari doesn't work with unconventional "Content-Language" header for CORS.
urlParam: 'access_token', // See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
whiteListedDomains: appSettings.whitelistDomains jwtConfig.urlParam = 'access_token';
}; }
else {
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
jwtConfig.authHeader = 'Content-Language';
}
} }
jwtOptionsProvider.config(jwtConfig); jwtOptionsProvider.config(jwtConfig);
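Review bot: The Safari branch still sets `jwtConfig.urlParam = 'access_token'`, so for hosted users on Safari the bearer token travels in the request URL, where it can be recorded in server and proxy access logs and in browser history; the commit narrows when this applies but leaves it in place. The self-hosted path now sets neither option and presumably falls back to the library's default authorization header, so the same default could be used for Safari at the cost of a CORS pre-flight. If the URL parameter has to stay, document the exposure at the assignment, for example `// Token is sent in the query string here; API and proxy logs must redact access_token.` The user-agent test (`indexOf('safari') > -1 && indexOf('chrome') === -1`) also decides which transport carries the credential, so a browser it misclassifies is silently moved to the URL form. The enclosing config function starts and ends outside this hunk.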