Merge pull request #825 from aholachek/xhrfields

limiting xhrfields.withcredentials to subset of api targets
adsabs · Mar 1, 2016 · c3312a3 · c3312a3
2 parents 8046a34 + 702407a
commit c3312a3
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 15 deletions.
diff --git a/src/js/apps/discovery/main.js b/src/js/apps/discovery/main.js
@@ -68,6 +68,7 @@ define(['config', 'module'], function(config, module) {
                         var text = $sidebar.hasClass("show") ? '  <i class="fa fa-close"></i> Close Menu' : ' <i class="fa fa-bars"></i> Show Menu';
                         $button.html(text);
                      });
+
           //accessibility: skip to main content
           $("body").on("click", "#skip-to-main-content", function(e){
             e.preventDefault();

diff --git a/src/js/components/api_targets.js b/src/js/components/api_targets.js
@@ -14,7 +14,8 @@ define([
     Backbone
     ) {
 
-    return {
+   var config =  {
+      BOOTSTRAP : '/accounts/bootstrap',
       SEARCH: 'search/query',
       QTREE: 'search/qtree',
       BIGQUERY: 'search/bigquery',
@@ -58,8 +59,9 @@ define([
       * this is used by the mixin 'user_change_rows' to set max allowed/default requested
       */
 
-      _limits  : {
-        //use the same name from discovery.config.js
+
+     _limits  : {
+      //use the same name from discovery.config.js
 
         ExportWidget : {
           default : 500, limit : 3000
@@ -71,21 +73,46 @@ define([
 
         AuthorNetwork : {
           default : 400, limit : 1000
-
         },
+
         PaperNetwork : {
           default : 400, limit : 1000
-
         },
+
         ConceptCloud : {
           default : 150, limit : 150
-
         },
+
         BubbleChart : {
           //default == limit
           default : 1500
         }
       }
 
     };
+
+    //add credential info
+
+    //doesn't require cross domain cookies
+    config._doesntNeedCredentials = [
+
+        config.SEARCH,
+        config.QTREE,
+        config.BIGQUERY,
+        config.EXPORT,
+        config.SERVICE_AUTHOR_NETWORK,
+        config.SERVICE_PAPER_NETWORK,
+        config.SERVICE_WORDCLOUD,
+        config.SERVICE_METRICS,
+        config.RECOMMENDER,
+        config.GRAPHICS,
+        config.FEEDBACK
+
+    ];
+
+
+    return config;
+
+
+
   });
diff --git a/src/js/mixins/discovery_bootstrap.js b/src/js/mixins/discovery_bootstrap.js
@@ -8,15 +8,18 @@ define([
     'js/components/api_query',
     'js/components/api_request',
     'js/components/pubsub_events',
-    'hbs'
+    'hbs',
+    'js/components/api_targets'
     ],
   function(
     _,
     Backbone,
     ApiQuery,
     ApiRequest,
     PubSubEvents,
-    HandleBars) {
+    HandleBars,
+    ApiTargets
+  ) {
 
   var Mixin = {
 
@@ -46,12 +49,15 @@ define([
           api.clientVersion = conf.version;
         }
 
-        // modify the behaviour of all ajax requests
-        api.modifyRequestOptions = function(opts) {
-          //need this so that cross domain cookies will work!
-          // TODO: set this only for some requests - that way we'll save data channel (no cookies)
-          opts.xhrFields = {
-            withCredentials: true
+        //ApiTargets has a _needsCredentials array that contains all endpoints
+        //that require cookies
+        api.modifyRequestOptions = function(opts, request) {
+          // there is a list of endpoints that DONT require cookies, if this endpoint
+          // is not in that list,
+          if (ApiTargets._doesntNeedCredentials.indexOf(request.get("target")) == -1){
+            opts.xhrFields = {
+              withCredentials: true
+            }
           }
         };
 

diff --git a/src/js/services/api.js b/src/js/services/api.js
@@ -161,7 +161,7 @@ define([
 
       this.outstandingRequests++;
 
-      this.modifyRequestOptions(opts);
+      this.modifyRequestOptions(opts, request);
 
       var jqXhr = $.ajax(opts)
         .always(opts.always ? [this.always, opts.always] : this.always)