Configurable CORS credentials (#456)

* Configurable CORS credentials * update readme
2025-04-05 18:08:29 +00:00
parent f4084969b6
commit 218f0ba03c
7 changed files with 62 additions and 0 deletions
--- a/src/synapse/authProvider.test.ts
+++ b/src/synapse/authProvider.test.ts
@@ -35,6 +35,7 @@ describe("authProvider", () => {
          Accept: "application/json",
          "Content-Type": "application/json",
        }),
+        credentials: "same-origin",
        method: "POST",
      });
      expect(localStorage.getItem("base_url")).toEqual("http://example.com");
@@ -66,6 +67,7 @@ describe("authProvider", () => {
        Accept: "application/json",
        "Content-Type": "application/json",
      }),
+      credentials: "same-origin",
      method: "POST",
    });
    expect(localStorage.getItem("base_url")).toEqual("https://example.com");
@@ -88,6 +90,7 @@ describe("authProvider", () => {
          Authorization: "Bearer foo",
        }),
        method: "POST",
+        credentials: "same-origin",
        user: { authenticated: true, token: "Bearer foo" },
      });
      expect(localStorage.getItem("access_token")).toBeNull();
--- a/src/synapse/authProvider.ts
+++ b/src/synapse/authProvider.ts
@@ -23,6 +23,7 @@ const authProvider: AuthProvider = {
    console.log("login ");
    let options: Options = {
      method: "POST",
+      credentials: GetConfig().corsCredentials,
      body: JSON.stringify(
        Object.assign(
          {
@@ -151,6 +152,7 @@ const authProvider: AuthProvider = {

    const options: Options = {
      method: "POST",
+      credentials: GetConfig().corsCredentials,
      user: {
        authenticated: true,
        token: `Bearer ${access_token}`,
--- a/src/synapse/dataProvider.ts
+++ b/src/synapse/dataProvider.ts
@@ -14,6 +14,7 @@ import {
 } from "react-admin";

 import { returnMXID } from "../utils/mxid";
+import { GetConfig } from "../utils/config";
 import { MatrixError, displayError } from "../utils/error";

 const CACHED_MANY_REF: Record<string, any> = {};
@@ -22,6 +23,7 @@ const CACHED_MANY_REF: Record<string, any> = {};
 const jsonClient = async (url: string, options: Options = {}) => {
  const token = localStorage.getItem("access_token");
  console.log("httpClient " + url);
+  options.credentials = GetConfig().corsCredentials;
  if (token !== null) {
    options.user = {
      authenticated: true,
--- a/src/utils/config.ts
+++ b/src/utils/config.ts
@@ -1,5 +1,6 @@
 export interface Config {
  restrictBaseUrl: string | string[];
+  corsCredentials: string;
  asManagedUsers: RegExp[];
  menu: MenuItem[];
  etkeccAdmin?: string;
@@ -16,6 +17,7 @@ export const WellKnownKey = "cc.etke.synapse-admin";
 // current configuration
 let config: Config = {
  restrictBaseUrl: "",
+  corsCredentials: "same-origin",
  asManagedUsers: [],
  menu: [],
  etkeccAdmin: ""
@@ -69,6 +71,10 @@ export const LoadConfig = (context: any) => {
    config.restrictBaseUrl = context.restrictBaseUrl as string | string[];
  }

+  if (context?.corsCredentials) {
+    config.corsCredentials = context.corsCredentials;
+  }
+
  if (context?.asManagedUsers) {
    config.asManagedUsers = context.asManagedUsers.map((regex: string) => new RegExp(regex));
  }