on alter token header if not self hosted

This commit is contained in:
Kyle Spearrin 2017-10-03 22:29:01 -04:00
parent a132ec4fd7
commit 1bb6244337
1 changed files with 11 additions and 10 deletions

View File

@ -13,19 +13,20 @@ angular
$locationProvider.hashPrefix('');
var jwtConfig = {
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
authHeader: 'Content-Language',
whiteListedDomains: appSettings.whitelistDomains
};
// Safari doesn't work with unconventional "Content-Language" header for CORS.
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
var userAgent = navigator.userAgent.toLowerCase();
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
jwtConfig = {
urlParam: 'access_token',
whiteListedDomains: appSettings.whitelistDomains
};
if (!appSettings.selfHosted) {
var userAgent = navigator.userAgent.toLowerCase();
if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
// Safari doesn't work with unconventional "Content-Language" header for CORS.
// See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
jwtConfig.urlParam = 'access_token';
}
else {
// Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
jwtConfig.authHeader = 'Content-Language';
}
}
jwtOptionsProvider.config(jwtConfig);