AAE-34959 Fix withCredentials can not be set by app.config.json (#10897)

* AAE-34959 Run security options loader when alfresco-api-v2-loader.serfvice is initialized because on content app the app-config.loader is run after AlfrescoApiLoaderService.init and the callback function that should setDefaultSecurityOption is not executed

* AAE-34959 Provide SecurityOptionsLoaderService in root to fix No Provider error

lib/content-services/src/lib/api-factories/alfresco-api-v2-loader.service.ts

@@ -19,6 +19,7 @@ import { AlfrescoApiConfig } from '@alfresco/js-api';
 import { Injectable } from '@angular/core';
 import { AppConfigService, AppConfigValues, StorageService } from '@alfresco/adf-core';
 import { AlfrescoApiService } from '../services/alfresco-api.service';
+import { SecurityOptionsLoaderService } from '../security-options-loader/security-options-loader.service';
 
 /**
  * Create a factory to resolve an api service instance
@@ -37,11 +38,12 @@ export class AlfrescoApiLoaderService {
     constructor(
         private readonly appConfig: AppConfigService,
         private readonly apiService: AlfrescoApiService,
+        private readonly securityOptionsLoaderService: SecurityOptionsLoaderService,
         private storageService: StorageService
     ) {}
 
     async init(): Promise<any> {
-        await this.appConfig.load();
+        await this.appConfig.load(this.securityOptionsLoaderService.load);
         return this.initAngularAlfrescoApi();
     }
 

lib/content-services/src/lib/security-options-loader/security-options-loader.service.spec.ts

@@ -0,0 +1,73 @@
+/*!
+ * @license
+ * Copyright © 2005-2025 Hyland Software, Inc. and its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { SecurityOptionsLoaderService } from './security-options-loader.service';
+import { AppConfigService, AppConfigValues } from '@alfresco/adf-core';
+import { AdfHttpClient } from '@alfresco/adf-core/api';
+
+describe('SecurityOptionsLoaderService', () => {
+    let service: SecurityOptionsLoaderService;
+    let appConfigServiceSpy: jasmine.SpyObj<AppConfigService>;
+    let adfHttpClientSpy: jasmine.SpyObj<AdfHttpClient>;
+
+    beforeEach(() => {
+        appConfigServiceSpy = jasmine.createSpyObj('AppConfigService', ['get']);
+        adfHttpClientSpy = jasmine.createSpyObj('AdfHttpClient', ['setDefaultSecurityOption']);
+
+        service = new SecurityOptionsLoaderService(appConfigServiceSpy, adfHttpClientSpy);
+    });
+
+    it('should set withCredentials when value is true', () => {
+        appConfigServiceSpy.get.and.callFake((key: string): any => {
+            if (key === AppConfigValues.AUTH_WITH_CREDENTIALS) {
+                return true;
+            }
+        });
+
+        service.load();
+
+        expect(adfHttpClientSpy.setDefaultSecurityOption).toHaveBeenCalledWith({ withCredentials: true });
+    });
+
+    it('should set withCredentials when value is false', () => {
+        appConfigServiceSpy.get.and.callFake((key: string): any => {
+            if (key === AppConfigValues.AUTH_WITH_CREDENTIALS) {
+                return false;
+            }
+        });
+
+        service.load();
+
+        expect(adfHttpClientSpy.setDefaultSecurityOption).toHaveBeenCalledWith({ withCredentials: false });
+    });
+
+    it('should not call setDefaultSecurityOption when value is undefined', () => {
+        appConfigServiceSpy.get.and.returnValue(undefined);
+
+        service.load();
+
+        expect(adfHttpClientSpy.setDefaultSecurityOption).not.toHaveBeenCalled();
+    });
+
+    it('should not call setDefaultSecurityOption when value is null', () => {
+        appConfigServiceSpy.get.and.returnValue(null);
+
+        service.load();
+
+        expect(adfHttpClientSpy.setDefaultSecurityOption).not.toHaveBeenCalled();
+    });
+});

lib/content-services/src/lib/security-options-loader/security-options-loader.service.ts

@@ -0,0 +1,34 @@
+/*!
+ * @license
+ * Copyright © 2005-2025 Hyland Software, Inc. and its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { AppConfigService, AppConfigValues } from '@alfresco/adf-core';
+import { AdfHttpClient } from '@alfresco/adf-core/api';
+import { Injectable } from '@angular/core';
+
+@Injectable({
+    providedIn: 'root'
+})
+export class SecurityOptionsLoaderService {
+    constructor(private appConfigService: AppConfigService, private adfHttpClient: AdfHttpClient) {}
+
+    load = () => {
+        const withCredentials = this.appConfigService.get<boolean>(AppConfigValues.AUTH_WITH_CREDENTIALS);
+        if (withCredentials !== undefined && withCredentials !== null) {
+            this.adfHttpClient.setDefaultSecurityOption({ withCredentials });
+        }
+    };
+}