back to access_token for safari for now

2024-11-06 09:20:43 +01:00 · 2017-10-03 09:18:19 -04:00 · 2017-10-03 09:18:19 -04:00 · 37364ecd7e
commit 37364ecd7e
parent 48d9e626f5
1 changed files with 15 additions and 2 deletions
--- a/src/app/config.js
+++ b/src/app/config.js
@ -11,11 +11,24 @@ angular

        $qProvider.errorOnUnhandledRejections(false);
        $locationProvider.hashPrefix('');
-        jwtOptionsProvider.config({
+
+        var jwtConfig = {
            // Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
            authHeader: 'Content-Language',
            whiteListedDomains: appSettings.whitelistDomains
-        });
+        };
+
+        // Safari doesn't work with unconventional "Content-Language" header for CORS.
+        // See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+        var userAgent = navigator.userAgent.toLowerCase();
+        if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
+            jwtConfig = {
+                urlParam: 'access_token',
+                whiteListedDomains: appSettings.whitelistDomains
+            };
+        }
+
+        jwtOptionsProvider.config(jwtConfig);
        var refreshPromise;
        jwtInterceptorProvider.tokenGetter = /*@ngInject*/ function (options, tokenService, authService) {
            if (options.url.indexOf(appSettings.apiUri) !== 0) {