asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(js-sdk): Make credentials configurable in SDK (#10464)

Browse Source
This commit is contained in:
Stevche Radevski
2024-12-06 08:39:35 +01:00
committed by GitHub
parent 90ae187e09
commit bed00e154d
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
packages/core/js-sdk/src/client.ts
View File

@@ -58,17 +58,20 @@ const normalizeRequest = (
body = JSON.stringify(body)
}
// "credentials" is not supported in some environments (eg. on the backend), and it might throw an exception if the field is set.
const isFetchCredentialsSupported = "credentials" in Request.prototype
// Oftentimes the server will be on a different origin, so we want to default to include
// Note that the cookie's SameSite attribute takes precedence over this setting.
const credentials =
config.auth?.type === "session"
? config.auth?.fetchCredentials || "include"
: "omit"
return {
...init,
headers,
// TODO: Setting this to "include" poses some security risks, as it will send cookies to any domain. We should consider making this configurable.
credentials: isFetchCredentialsSupported
? config.auth?.type === "session"
? "include"
: "omit"
: undefined,
credentials: isFetchCredentialsSupported ? credentials : undefined,
...(body ? { body: body as RequestInit["body"] } : {}),
} as RequestInit
}
@@ -231,7 +234,9 @@ export class Client {
let normalizedInput: RequestInfo | URL = input
if (input instanceof URL || typeof input === "string") {
const baseUrl = new URL(this.config.baseUrl)
const fullPath = `${baseUrl.pathname.replace(/\/$/, '')}/${input.toString().replace(/^\//, '')}`
const fullPath = `${baseUrl.pathname.replace(/\/$/, "")}/${input
.toString()
.replace(/^\//, "")}`
normalizedInput = new URL(fullPath, baseUrl.origin)
if (init?.query) {
const params = Object.fromEntries(

1
packages/core/js-sdk/src/types.ts
View File

@@ -14,6 +14,7 @@ export type Config = {
type?: "jwt" | "session"
jwtTokenStorageKey?: string
jwtTokenStorageMethod?: "local" | "session" | "memory" | "nostore"
fetchCredentials?: "include" | "omit" | "same-origin"
}
logger?: Logger
debug?: boolean