[ADF-3938] support for XMLHttpRequest.withCredentials flag (#4190)

* support XMLHttpRequest.withCredentials * proper defaults and json schema updates * remove outdated docs * remove empty declaration from app config * fix blob support
2025-07-24 17:32:15 +00:00 · 2019-01-25 12:12:06 +00:00
parent 08c9b6d117
commit 5887fa1052
6 changed files with 69 additions and 32 deletions
--- a/demo-shell/src/app.config.json
+++ b/demo-shell/src/app.config.json
@@ -3,12 +3,14 @@
    "ecmHost": "{protocol}//{hostname}{:port}",
    "bpmHost": "{protocol}//{hostname}{:port}",
    "identityHost": "{protocol}//{hostname}{:port}/auth/realms/alfresco",
-    "baseShareUrl": null,
    "loginRoute": "login",
    "providers": "ALL",
    "contextRootBpm": "activiti-app",
    "authType" : "BASIC",
    "locale" : "en",
+    "auth": {
+      "withCredentials": false
+    },
    "oauth2": {
      "host": "{protocol}//{hostname}{:port}/auth/realms/alfresco",
      "clientId": "alfresco",
--- a/docs/core/app-config.service.md
+++ b/docs/core/app-config.service.md
@@ -66,22 +66,6 @@ Example of the default settings file content:
 Note that the settings in the example above are the default ones supplied with the server.
 You can override the values in your custom `app.config.json` file if necessary. 

-You can change the path or name of the configuration file when importing the [`CoreModule`](../../lib/core/core.module.ts) in your main application.
-
-```ts
-...
-@NgModule({
-    imports: [
-        ...
-        CoreModule.forRoot({
-            appConfigFile: 'app.production.config.json'
-        })
-    ],
-    ...
-}
-export class AppModule { }
-```
-
 Below is a simple example of using the [`AppConfigService`](../core/app-config.service.md) in practice. 

 **[app.component](../../demo-shell/src/app/app.component.ts).ts**
@@ -156,3 +140,16 @@ of a property when the app config is loaded:
        console.log(logLevelValue); //this will be 'trace';
    });
 ```
+
+## XMLHttpRequest.withCredentials
+
+In the configuration file, you can enable [XMLHttpRequest.withCredentials](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials)
+for @alfresco/js-api calls and PDF Viewer.
+
+```json
+{
+    "auth": {
+      "withCredentials": true
+    }
+}
+```
--- a/lib/core/app-config/app-config.service.ts
+++ b/lib/core/app-config/app-config.service.ts
@@ -36,7 +36,8 @@ export enum AppConfigValues {
    ALFRESCO_REPOSITORY_NAME = 'alfrescoRepositoryName',
    LOG_LEVEL = 'logLevel',
    LOGIN_ROUTE = 'loginRoute',
-    DISABLECSRF = 'disableCSRF'
+    DISABLECSRF = 'disableCSRF',
+    AUTH_WITH_CREDENTIALS = 'auth.withCredentials'
 }

 export enum Status {
--- a/lib/core/app-config/schema.json
+++ b/lib/core/app-config/schema.json
@@ -833,6 +833,24 @@
        "OAUTH"
      ]
    },
+    "baseShareUrl": {
+      "description": "Custom url for shared links",
+      "type": "string"
+    },
+    "locale": {
+      "description": "Default application locale",
+      "type": "string"
+    },
+    "auth": {
+      "description": "Custom authentication settings",
+      "type": "object",
+      "properties": {
+        "withCredentials": {
+          "description": "Toggle XMLHttpRequest.withCredentials for @alfresco/js-api and PDF Viewer",
+          "type": "boolean"
+        }
+      }
+    },
    "oauth2": {
      "description": "AUTH configuration parameters",
      "type": "object",
--- a/lib/core/services/alfresco-api.service.ts
+++ b/lib/core/services/alfresco-api.service.ts
@@ -117,7 +117,7 @@ export class AlfrescoApiService {
            oauth.redirectUriLogout = window.location.origin + (oauth.redirectUriLogout || '/');
        }

-        const config = {
+        const config = new AlfrescoApiConfig({
            provider: this.appConfig.get<string>(AppConfigValues.PROVIDERS),
            hostEcm: this.appConfig.get<string>(AppConfigValues.ECMHOST),
            hostBpm: this.appConfig.get<string>(AppConfigValues.BPMHOST),
@@ -125,8 +125,9 @@ export class AlfrescoApiService {
            contextRootBpm: this.appConfig.get<string>(AppConfigValues.CONTEXTROOTBPM),
            contextRoot: this.appConfig.get<string>(AppConfigValues.CONTEXTROOTECM),
            disableCsrf: this.appConfig.get<boolean>(AppConfigValues.DISABLECSRF),
+            withCredentials: this.appConfig.get<boolean>(AppConfigValues.AUTH_WITH_CREDENTIALS, false),
            oauth2: oauth
-        };
+        });

        if (this.alfrescoApi && this.isDifferentConfig(this.lastConfig, config)) {
            this.lastConfig = config;
@@ -135,6 +136,7 @@ export class AlfrescoApiService {
            this.lastConfig = config;
            this.alfrescoApi = new AlfrescoApiCompatibility(config);
        }
+
    }

    isDifferentConfig(lastConfig: AlfrescoApiConfig, newConfig: AlfrescoApiConfig) {
--- a/lib/core/viewer/components/pdfViewer.component.ts
+++ b/lib/core/viewer/components/pdfViewer.component.ts
@@ -24,16 +24,24 @@ import {
    OnChanges,
    OnDestroy,
    ViewEncapsulation,
-    EventEmitter
+    EventEmitter,
+    SimpleChanges
 } from '@angular/core';
+import { MatDialog } from '@angular/material';
 import { LogService } from '../../services/log.service';
 import { RenderingQueueServices } from '../services/rendering-queue.services';
 import { PdfPasswordDialogComponent } from './pdfViewer-password-dialog';
-import { MatDialog } from '@angular/material';
+import { AppConfigService } from './../../app-config/app-config.service';

 declare const pdfjsLib: any;
 declare const pdfjsViewer: any;

+export interface PdfDocumentOptions {
+    url?: string;
+    data?: any;
+    withCredentials?: boolean;
+}
+
@Component({
    selector: 'adf-pdf-viewer',
    templateUrl: './pdfViewer.component.html',
@@ -99,7 +107,8 @@ export class PdfViewerComponent implements OnChanges, OnDestroy {
    constructor(
        private dialog: MatDialog,
        private renderingQueueServices: RenderingQueueServices,
-        private logService: LogService) {
+        private logService: LogService,
+        private appConfigService: AppConfigService) {
        // needed to preserve "this" context
        this.onPageChange = this.onPageChange.bind(this);
        this.onPagesLoaded = this.onPagesLoaded.bind(this);
@@ -107,20 +116,28 @@ export class PdfViewerComponent implements OnChanges, OnDestroy {
        this.randomPdfId = this.generateUuid();
    }

-    ngOnChanges(changes) {
-        let blobFile = changes['blobFile'];
+    ngOnChanges(changes: SimpleChanges) {
+        const blobFile = changes['blobFile'];

        if (blobFile && blobFile.currentValue) {
-            let reader = new FileReader();
+            const reader = new FileReader();
            reader.onload = () => {
-                this.executePdf(reader.result);
+                const options = {
+                    data: reader.result,
+                    withCredentials: this.appConfigService.get<boolean>('auth.withCredentials', undefined)
+                };
+                this.executePdf(options);
            };
            reader.readAsArrayBuffer(blobFile.currentValue);
        }

-        let urlFile = changes['urlFile'];
+        const urlFile = changes['urlFile'];
        if (urlFile && urlFile.currentValue) {
-            this.executePdf(urlFile.currentValue);
+            const options = {
+                url: urlFile.currentValue,
+                withCredentials: this.appConfigService.get<boolean>('auth.withCredentials', undefined)
+            };
+            this.executePdf(options);
        }

        if (!this.urlFile && !this.blobFile) {
@@ -128,10 +145,10 @@ export class PdfViewerComponent implements OnChanges, OnDestroy {
        }
    }

-    executePdf(src) {
-
+    executePdf(pdfOptions: PdfDocumentOptions) {
        pdfjsLib.GlobalWorkerOptions.workerSrc = 'pdf.worker.min.js';
-        this.loadingTask = pdfjsLib.getDocument(src);
+
+        this.loadingTask = pdfjsLib.getDocument(pdfOptions);

        this.loadingTask.onPassword = (callback, reason) => {
            this.onPdfPassword(callback, reason);