fix: Set X-Requested-With header on all requests to avoid browser auth dialogs #39924
In which cases do we not use axios?
Old code or apps that might not use our libraries, rare cases but might still happen
/compile amend /
…h dialogs Signed-off-by: Julius Härtl <jus@bitgrid.net> Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
/backport to stable27
/backport to stable26
/backport to stable25
/backport to stable24
The backport to stable27 failed. Please do this backport manually.
# Switch to the target branch and update it
git checkout stable27
git pull origin stable27
# Create the new backport branch
git checkout -b fix/foo-stable27
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable27
More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport
The backport to stable24 failed. Please do this backport manually.
# Switch to the target branch and update it
git checkout stable24
git pull origin stable24
# Create the new backport branch
git checkout -b fix/foo-stable24
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable24
More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport
The backport to stable26 failed. Please do this backport manually.
# Switch to the target branch and update it
git checkout stable26
git pull origin stable26
# Create the new backport branch
git checkout -b fix/foo-stable26
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable26
More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport
The backport to stable25 failed. Please do this backport manually.
# Switch to the target branch and update it
git checkout stable25
git pull origin stable25
# Create the new backport branch
git checkout -b fix/foo-stable25
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable25
More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport
if (init.headers instanceof Headers && !init.headers.has('X-Requested-With')) { | ||
init.headers.append('X-Requested-With', 'XMLHttpRequest') | ||
} else if (init.headers instanceof Object && !init.headers['X-Requested-With']) { | ||
init.headers['X-Requested-With'] = 'XMLHttpRequest' | ||
} |
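Review bot: the else if on the third line is not exclusive with the Headers case. A Headers instance is also an Object, so when the first condition fails because the header is already present, the second branch runs and writes a plain property onto the Headers object. The same branch also accepts array-form headers (a list of [name, value] pairs passes instanceof Object), where the assigned property is never sent, and its lookup init.headers['X-Requested-With'] is case-sensitive, so an existing x-requested-with key is missed. Suggest checking the type first and presence second, for example if (init.headers instanceof Headers) { if (!init.headers.has('X-Requested-With')) ... } else if (...), or normalising with new Headers(init.headers) before the check.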
@juliushaertl a small find as of today:
If headers is an instance of Headers and already has X-Requested-With, then the second else if will still be true.
Luckily, ['X-Requested-With'] on a Headers object is ignored by fetch 🙈
This used to work for most cases in the far past as jquery adds this on requests (https://github.com/jquery/jquery/blob/48cc402a917d6011c7d3e75f779f11ef91b474fb/src/ajax/xhr.js#L43-L50)
nextcloud-libraries/nextcloud-axios#637 adds this to our axios wrapper but this PR handles cases where apps or code parts are not using that.
Server has logic in place to return a dummyauth response header in case this one is set: dfc3536
This helps to handle requests that happen in the web UI after authentication was revoked (e.g. by disabling a user) more gracefully, otherwise a request would lead to the browser showing a basic auth dialog.
Steps to reproduce:
Checklist
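
The approach this PR describes (adding X-Requested-With to every fetch call that lacks it), as an added example that is not part of the pull request or Nextcloud's code. The names withRequestedWith, wrapFetch and demo are hypothetical, and it assumes a runtime with the standard Headers and Request globals.

```javascript
// Added example, not Nextcloud's code; function names are hypothetical.
const HEADER = 'X-Requested-With'
const VALUE = 'XMLHttpRequest'

// Return a copy of a fetch() init whose headers carry X-Requested-With.
// new Headers() accepts every HeadersInit form (Headers instance, array of
// [name, value] pairs, plain object, undefined) and matches names
// case-insensitively, so no per-type branching is needed.
function withRequestedWith(init = {}) {
	const headers = new Headers(init.headers ?? undefined)
	if (!headers.has(HEADER)) {
		headers.set(HEADER, VALUE)
	}
	return { ...init, headers }
}

// Wrap a fetch implementation so every call gets the header.
function wrapFetch(fetchImpl) {
	return (resource, init = {}) => {
		// init.headers replaces a Request's own headers, so start from those.
		const base = init.headers ?? (resource instanceof Request ? resource.headers : undefined)
		return fetchImpl(resource, withRequestedWith({ ...init, headers: base }))
	}
}

// Constructed sample inputs, one per HeadersInit form.
function demo() {
	const samples = {
		none: undefined,
		plain: { headers: { Accept: 'application/json' } },
		lowerCaseKey: { headers: { 'x-requested-with': 'CustomClient' } },
		pairs: { headers: [['Accept', 'text/plain']] },
		instance: { headers: new Headers({ 'X-Requested-With': 'CustomClient' }) },
	}
	const out = {}
	for (const [name, init] of Object.entries(samples)) {
		out[name] = withRequestedWith(init).headers.get(HEADER)
	}
	return out
}

console.log(demo())
```

A value the caller already set is kept in every input form, including a lower-case key on a plain object.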