mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
apiconsole: allow uploads in console
By adding an XHR to "Try it out" requests, we can make non-JSON requests pass a CORS check.
This commit is contained in:
parent
a9521a8544
commit
c9f9b70b67
@ -293,6 +293,25 @@ function initialize(appModel: AppModel) {
|
|||||||
|
|
||||||
function requestInterceptor(request: SwaggerUI.Request) {
|
function requestInterceptor(request: SwaggerUI.Request) {
|
||||||
delete request.headers.Authorization;
|
delete request.headers.Authorization;
|
||||||
|
const url = new URL(request.url);
|
||||||
|
// Swagger will use this request interceptor for several kinds of
|
||||||
|
// requests, such as requesting the API YAML spec from Github:
|
||||||
|
//
|
||||||
|
// Function to intercept remote definition, "Try it out",
|
||||||
|
// and OAuth 2.0 requests.
|
||||||
|
//
|
||||||
|
// https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/
|
||||||
|
//
|
||||||
|
// We want to ensure that only "Try it out" requests have XHR, so
|
||||||
|
// that they pass a same origin request, even if they're not GET,
|
||||||
|
// HEAD, or OPTIONS. "Try it out" requests are the requests to the
|
||||||
|
// same origin.
|
||||||
|
if (url.origin === window.origin) {
|
||||||
|
// Without this header, unauthenticated multipart POST requests
|
||||||
|
// (i.e. file uploads) would fail in the API console. We want those
|
||||||
|
// requests to succeed.
|
||||||
|
request.headers['X-Requested-With'] = 'XMLHttpRequest';
|
||||||
|
}
|
||||||
return request;
|
return request;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user