mirror of
https://github.com/vector-im/hydrogen-web.git
synced 2024-12-22 19:14:52 +01:00
don't send access token on /versions
as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path
This commit is contained in:
parent
1d33ab20a5
commit
8cf29e344b
@ -73,13 +73,13 @@ export class HomeServerApi {
|
|||||||
return `${this._homeserver}/_matrix/client/r0${csPath}`;
|
return `${this._homeserver}/_matrix/client/r0${csPath}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
_request(method, url, queryParams, body, options) {
|
_baseRequest(method, url, queryParams, body, options, accessToken) {
|
||||||
const queryString = encodeQueryParams(queryParams);
|
const queryString = encodeQueryParams(queryParams);
|
||||||
url = `${url}?${queryString}`;
|
url = `${url}?${queryString}`;
|
||||||
let bodyString;
|
let bodyString;
|
||||||
const headers = new Map();
|
const headers = new Map();
|
||||||
if (this._accessToken) {
|
if (accessToken) {
|
||||||
headers.set("Authorization", `Bearer ${this._accessToken}`);
|
headers.set("Authorization", `Bearer ${accessToken}`);
|
||||||
}
|
}
|
||||||
headers.set("Accept", "application/json");
|
headers.set("Accept", "application/json");
|
||||||
if (body) {
|
if (body) {
|
||||||
@ -106,16 +106,24 @@ export class HomeServerApi {
|
|||||||
return wrapper;
|
return wrapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_unauthedRequest(method, url, queryParams, body, options) {
|
||||||
|
return this._baseRequest(method, url, queryParams, body, options, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
_authedRequest(method, url, queryParams, body, options) {
|
||||||
|
return this._baseRequest(method, url, queryParams, body, options, this._accessToken);
|
||||||
|
}
|
||||||
|
|
||||||
_post(csPath, queryParams, body, options) {
|
_post(csPath, queryParams, body, options) {
|
||||||
return this._request("POST", this._url(csPath), queryParams, body, options);
|
return this._authedRequest("POST", this._url(csPath), queryParams, body, options);
|
||||||
}
|
}
|
||||||
|
|
||||||
_put(csPath, queryParams, body, options) {
|
_put(csPath, queryParams, body, options) {
|
||||||
return this._request("PUT", this._url(csPath), queryParams, body, options);
|
return this._authedRequest("PUT", this._url(csPath), queryParams, body, options);
|
||||||
}
|
}
|
||||||
|
|
||||||
_get(csPath, queryParams, body, options) {
|
_get(csPath, queryParams, body, options) {
|
||||||
return this._request("GET", this._url(csPath), queryParams, body, options);
|
return this._authedRequest("GET", this._url(csPath), queryParams, body, options);
|
||||||
}
|
}
|
||||||
|
|
||||||
sync(since, filter, timeout, options = null) {
|
sync(since, filter, timeout, options = null) {
|
||||||
@ -142,7 +150,7 @@ export class HomeServerApi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
passwordLogin(username, password, initialDeviceDisplayName, options = null) {
|
passwordLogin(username, password, initialDeviceDisplayName, options = null) {
|
||||||
return this._post("/login", null, {
|
return this._unauthedRequest("POST", this._url("/login"), null, {
|
||||||
"type": "m.login.password",
|
"type": "m.login.password",
|
||||||
"identifier": {
|
"identifier": {
|
||||||
"type": "m.id.user",
|
"type": "m.id.user",
|
||||||
@ -158,7 +166,7 @@ export class HomeServerApi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
versions(options = null) {
|
versions(options = null) {
|
||||||
return this._request("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
|
return this._unauthedRequest("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
|
||||||
}
|
}
|
||||||
|
|
||||||
uploadKeys(payload, options = null) {
|
uploadKeys(payload, options = null) {
|
||||||
|
Loading…
Reference in New Issue
Block a user