From 8cf29e344b83fe6fb43c21429e0ec9235aaefa57 Mon Sep 17 00:00:00 2001
From: Bruno Windels
Date: Fri, 18 Sep 2020 18:13:20 +0200
Subject: [PATCH] don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path
---
 src/matrix/net/HomeServerApi.js | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/matrix/net/HomeServerApi.js b/src/matrix/net/HomeServerApi.js
index cfb75e15..955e9548 100644
--- a/src/matrix/net/HomeServerApi.js
+++ b/src/matrix/net/HomeServerApi.js
@@ -73,13 +73,13 @@ export class HomeServerApi {
 return `${this._homeserver}/_matrix/client/r0${csPath}`;
 }
 
- _request(method, url, queryParams, body, options) {
+ _baseRequest(method, url, queryParams, body, options, accessToken) {
 const queryString = encodeQueryParams(queryParams);
 url = `${url}?${queryString}`;
 let bodyString;
 const headers = new Map();
- if (this._accessToken) {
- headers.set("Authorization", `Bearer ${this._accessToken}`);
+ if (accessToken) {
+ headers.set("Authorization", `Bearer ${accessToken}`);
 }
 headers.set("Accept", "application/json");
 if (body) {
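Review bot: `_baseRequest` takes the bearer token as a sixth positional argument after `options`, and nothing in the hunk documents what a missing value means. Because `if (accessToken)` is a truthiness check, a caller that forgets the argument silently sends an unauthenticated request instead of failing. I would add a comment above the signature, `// accessToken: bearer token to send as Authorization, or null to send none; never log this value`, so the contract sits where the header is built. The body of `_baseRequest` continues past the end of the hunk, so how `headers` reaches the request is not visible here.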
@@ -106,16 +106,24 @@ export class HomeServerApi {
 return wrapper;
 }
 
+ _unauthedRequest(method, url, queryParams, body, options) {
+ return this._baseRequest(method, url, queryParams, body, options, null);
+ }
+
+ _authedRequest(method, url, queryParams, body, options) {
+ return this._baseRequest(method, url, queryParams, body, options, this._accessToken);
+ }
+
 _post(csPath, queryParams, body, options) {
- return this._request("POST", this._url(csPath), queryParams, body, options);
+ return this._authedRequest("POST", this._url(csPath), queryParams, body, options);
 }
 
 _put(csPath, queryParams, body, options) {
- return this._request("PUT", this._url(csPath), queryParams, body, options);
+ return this._authedRequest("PUT", this._url(csPath), queryParams, body, options);
 }
 
 _get(csPath, queryParams, body, options) {
- return this._request("GET", this._url(csPath), queryParams, body, options);
+ return this._authedRequest("GET", this._url(csPath), queryParams, body, options);
 }
 
 sync(since, filter, timeout, options = null) {
@@ -142,7 +150,7 @@ export class HomeServerApi {
 }
 
 passwordLogin(username, password, initialDeviceDisplayName, options = null) {
- return this._post("/login", null, {
+ return this._unauthedRequest("POST", this._url("/login"), null, {
 "type": "m.login.password",
 "identifier": {
 "type": "m.id.user",
@@ -158,7 +166,7 @@ export class HomeServerApi {
 }
 
 versions(options = null) {
- return this._request("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
+ return this._unauthedRequest("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
 }
 
 uploadKeys(payload, options = null) {
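Review bot: `_authedRequest` attaches `this._accessToken` to whatever `url` it is handed, so where the token ends up depends on every caller building the URL correctly. The three callers in this hunk (`_post`, `_put`, `_get`) all go through `this._url(csPath)`, but the helper itself accepts any absolute URL. A guard at the top of `_authedRequest`, `if (!url.startsWith(this._homeserver + "/")) { throw new Error("authed request outside homeserver"); }`, would make a request that carries the token to another origin fail loudly; this assumes `_homeserver` is stored without a trailing slash, which the diff does not show. `_get`/`_post`/`_put` also stay authenticated by default, so a one-line comment on them saying so would help when further pre-auth endpoints are added.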
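Review bot: `passwordLogin` now spells out the method and `this._url("/login")` itself instead of going through a path-based helper, which breaks the symmetry with `_post`/`_put`/`_get`. A small `_unauthedPost(csPath, queryParams, body, options)` wrapper next to `_post` would keep call sites uniform and make the unauthenticated path harder to get wrong. The commit message only mentions `/versions`, so a comment here such as `// pre-auth endpoint: must not carry an existing session's token` would record why login is switched as well. The object literal passed as the request body continues beyond the hunk.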
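Review bot: No test accompanies the change (the diffstat lists only `HomeServerApi.js`), so nothing pins that `versions()` and `passwordLogin()` (previous hunk) go out without an `Authorization` header. A regression back to the authed path would likely be silent, since the server would probably still answer. A unit test that builds the API with a token and a stub request function, then asserts `headers.has("Authorization") === false` for both calls, would cover it. How the request function is injected is outside this diff.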