Merge pull request #18952 from opf/bug/64091-polling-activity-updates-can-cause-browser-s-basic-auth-pop-up

[#64091] Turbo requests can trigger pointless browser's Basic auth pop-up
Oliver Günther
2025-05-30 09:42:23 +02:00
committed by GitHub
6 changed files with 21 additions and 3 deletions
@@ -14,6 +14,15 @@ export class TurboRequestsService {
html:string,
headers:Headers
}> {
const defaultHeaders = {
'X-Authentication-Scheme': 'Session',
};
init.headers = {
...defaultHeaders,
...init.headers,
};
return fetch(url, init)
.then((response) => {
return response.text().then((html) => ({
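Review bot: The merge `init.headers = { ...defaultHeaders, ...init.headers }` is only correct when the caller passed a plain object. `RequestInit.headers` may also be a `Headers` instance or an array of pairs. Spreading a `Headers` instance yields no keys, so the caller's headers (including `Accept`) would be dropped silently, and the assignment also mutates the caller's `init`. Using `const headers = new Headers(init.headers);`, then `if (!headers.has('X-Authentication-Scheme')) headers.set('X-Authentication-Scheme', 'Session');`, then `fetch(url, { ...init, headers })` handles all three shapes and matches the header name case-insensitively. The method signature is outside the hunk, so this assumes `init` is declared as `RequestInit`.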
@@ -72,7 +81,9 @@ export class TurboRequestsService {
public requestStream(url:string):Promise<{ html:string, headers:Headers }> {
return this.request(url, {
method: 'GET',
headers: { Accept: 'text/vnd.turbo-stream.html' },
headers: {
Accept: 'text/vnd.turbo-stream.html',
},
credentials: 'same-origin',
});
}
@@ -47,6 +47,7 @@ export default class AsyncDialogController extends ApplicationController {
method: this.method,
headers: {
Accept: 'text/vnd.turbo-stream.html',
'X-Authentication-Scheme': 'Session',
},
}).then((r) => r.text())
.then((html) => {
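Review bot: The literal `'X-Authentication-Scheme': 'Session'` is now repeated in this direct `fetch`, in the poll-for-changes `fetch`, in the Turbo event listener and in `TurboRequestsService.request`, and none of them says why it is sent. A future direct `fetch` that omits it would presumably bring the Basic auth prompt back. One exported constant, or routing these calls through `TurboRequestsService`, would keep the behaviour in one place. A comment at that definition such as `// Request a session challenge so an unauthenticated response does not open the browser's Basic auth dialog` would record the intent. The server-side effect is inferred from the PR title and should be confirmed.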
@@ -57,7 +57,9 @@ export default class OpMeetingsFormController extends ApplicationController {
.request(
`${this.pathHelper.staticBase}/meetings/fetch_timezone?${urlSearchParams.toString()}`,
{
headers: { Accept: 'text/vnd.turbo-stream.html' },
headers: {
Accept: 'text/vnd.turbo-stream.html',
},
},
);
}
@@ -25,7 +25,9 @@ export default class OpRecurringMeetingsFormController extends ApplicationContro
.request(
`${this.pathHelper.staticBase}/recurring_meetings/humanize_schedule?${urlSearchParams.toString()}`,
{
headers: { Accept: 'text/vnd.turbo-stream.html' },
headers: {
Accept: 'text/vnd.turbo-stream.html',
},
},
);
}
@@ -76,6 +76,7 @@ export default class PollForChangesController extends ApplicationController {
void fetch(`${this.urlValue}?reference=${this.buildReference()}`, {
headers: {
Accept: 'text/vnd.turbo-stream.html',
'X-Authentication-Scheme': 'Session',
},
}).then(async (r) => {
if (r.status === 200) {
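Review bot: With the Basic auth prompt suppressed, an expired session is no longer visible to the user at this call: the visible handler branches only on `r.status === 200`, and the promise is discarded with `void`. The rest of the callback is outside this hunk. If it does not already handle it, a 401 should stop further polling or show a sign-in hint, for example `else if (r.status === 401) { /* stop polling, ask the user to sign in again */ }`. Otherwise the page presumably keeps sending unauthenticated requests on every poll with no feedback.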
@@ -31,6 +31,7 @@ export function addTurboEventListeners() {
const headers = event.detail.fetchOptions.headers as Record<string, string>;
headers['Turbo-Referrer'] = window.location.href;
headers['X-Turbo-Nonce'] = document.getElementsByName('csp-nonce')[0]?.getAttribute('content') || '';
headers['X-Authentication-Scheme'] = 'Session';
});
// Turbo adds nonces to all scripts, even though we want to explicitly pass nonces