From 314bf53b23655b3f6b3267d027c63f65b0d9c4d1 Mon Sep 17 00:00:00 2001
From: Sonja Happ
Date: Mon, 25 Jan 2021 11:34:39 +0100
Subject: [PATCH] send token in query string for file download, omit auth header
---
 src/common/api/rest-api.js | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/common/api/rest-api.js b/src/common/api/rest-api.js
index 4e554c7..f40064e 100644
--- a/src/common/api/rest-api.js
+++ b/src/common/api/rest-api.js
@@ -41,7 +41,8 @@ let prevURL = null;
 class RestAPI {
 get(url, token) {
 return new Promise(function (resolve, reject) {
- var req = request.get(url);
+
+ let req = request.get(url);
 if (token != null) {
 req.set('Authorization', "Bearer " + token);
@@ -61,7 +62,7 @@ class RestAPI {
 post(url, body, token) {
 return new Promise(function (resolve, reject) {
- var req = request.post(url).send(body).timeout({ response: 5000 }); // Simple response start timeout (3s)
+ let req = request.post(url).send(body).timeout({ response: 5000 }); // Simple response start timeout (3s)
 if (token != null) {
 req.set('Authorization', "Bearer " + token);
@@ -82,7 +83,7 @@ class RestAPI {
 delete(url, token) {
 return new Promise(function (resolve, reject) {
- var req = request.delete(url);
+ let req = request.delete(url);
 if (token != null) {
 req.set('Authorization', "Bearer " + token);
@@ -101,7 +102,7 @@ class RestAPI {
 put(url, body, token) {
 return new Promise(function (resolve, reject) {
- var req = request.put(url).send(body);
+ let req = request.put(url).send(body);
 if (token != null) {
 req.set('Authorization', "Bearer " + token);
@@ -140,11 +141,14 @@ class RestAPI {
 download(url, token, fileID) {
 return new Promise(function (resolve, reject) {
- let req = request.get(url + "/" + fileID).buffer(true).responseType("blob")
- // use blob response type and buffer
- if (token != null) {
- req.set('Authorization', "Bearer " + token);
+
+ let completeURL = url + "/" + fileID;
+ if (token != null){
+ completeURL = completeURL + "?token=" + action.token
 }
+ let req = request.get(completeURL).buffer(true).responseType("blob")
+ // use blob response type and buffer
+ // Do not use auth header for file download
 req.end(function (error, res) {
 if (error !== null || res.status !== 200) {
@@ -161,7 +165,7 @@ class RestAPI {
 apiDownload(url, token) {
 return new Promise(function (resolve, reject) {
- var req = request.get(url).buffer(true).responseType("blob");
+ let req = request.get(url).buffer(true).responseType("blob");
 if (token != null) {
 req.set('Authorization', "Bearer " + token);
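Review bot: `action.token` in the added line `completeURL = completeURL + "?token=" + action.token` uses a name that is neither a parameter of `download(url, token, fileID)` nor declared anywhere in this hunk, so unless `action` exists at module scope the call throws a ReferenceError whenever a token is passed. The line should read `completeURL = completeURL + "?token=" + encodeURIComponent(token);`. Moving the bearer token from the Authorization header into the query string also means it is recorded wherever URLs are recorded (server and proxy access logs, browser history), which is why RFC 6750 discourages the query-parameter form. If the backend needs a URL-borne credential for downloads, a short-lived, single-use download token would limit that exposure, and the new comment `// Do not use auth header for file download` should say why the header is omitted. The body of `download` continues past the end of the hunk.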