mirror of
https://github.com/bitwarden/browser.git
synced 2025-01-15 20:11:30 +01:00
on alter token header if not self hosted
This commit is contained in:
parent
a132ec4fd7
commit
1bb6244337
@ -13,19 +13,20 @@ angular
|
|||||||
$locationProvider.hashPrefix('');
|
$locationProvider.hashPrefix('');
|
||||||
|
|
||||||
var jwtConfig = {
|
var jwtConfig = {
|
||||||
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
|
|
||||||
authHeader: 'Content-Language',
|
|
||||||
whiteListedDomains: appSettings.whitelistDomains
|
whiteListedDomains: appSettings.whitelistDomains
|
||||||
};
|
};
|
||||||
|
|
||||||
// Safari doesn't work with unconventional "Content-Language" header for CORS.
|
if (!appSettings.selfHosted) {
|
||||||
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
|
var userAgent = navigator.userAgent.toLowerCase();
|
||||||
var userAgent = navigator.userAgent.toLowerCase();
|
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
|
||||||
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
|
// Safari doesn't work with unconventional "Content-Language" header for CORS.
|
||||||
jwtConfig = {
|
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
|
||||||
urlParam: 'access_token',
|
jwtConfig.urlParam = 'access_token';
|
||||||
whiteListedDomains: appSettings.whitelistDomains
|
}
|
||||||
};
|
else {
|
||||||
|
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
|
||||||
|
jwtConfig.authHeader = 'Content-Language';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
jwtOptionsProvider.config(jwtConfig);
|
jwtOptionsProvider.config(jwtConfig);
|
||||||
|
Loading…
Reference in New Issue
Block a user