joffrey-bion / livedoc

A not-so-annotation-based documentation generator for REST and websocket services
MIT License

Properly handle authentication #82

Closed ST-DDT closed 6 years ago

ST-DDT commented 6 years ago

Sometimes your documentation endpoint is also protected by at least something like basic auth.

Currently the UI will just print an error message: "Could not fetch documentation, HTTP 401"

It would be nice if the browser would prompt the user for their login credentials when the server requests them via WWW-Authenticate. This might also be true for cookie-based sessions.

I don't know which framework you are using, but it might be something as simple as:

httpProviderDefaults.useXDomain = true;
httpProviderDefaults.withCredentials = true;

or

options: { credentials: 'include' }

joffrey-bion commented 6 years ago

I'm using the standard JavaScript fetch API, so it should not be too hard. I'll look into it when I'm back home.

Shinigami92 commented 6 years ago

To shorten your documentation search time ;) This will point you in the right direction I think: Using Fetch - Supplying request options

Especially line 12 in the next code block below "Supplying request options":

credentials: 'same-origin', // include, same-origin, *omit

joffrey-bion commented 6 years ago

@Shinigami92 Thanks for pointing that out. I had given it a quick search and found this post which suggests:

{ credentials: 'include' }

I believe it is similar to same-origin but also sends credentials for cross-site requests. In the case of livedoc, we need to ensure cross-site requests work as well, because the UI may be hosted in a different place than the API.

My only concern now is testing the feature. I don't want to add this option and release without proper testing. This means I need to set up Spring Security in the sample app in order to protect the jsondoc endpoint and test the authentication. It will also be a good opportunity to add authenticated endpoint examples in the sample app.
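
Added example, not part of the thread or of livedoc's code: a fetch call using the `credentials: 'include'` option discussed above, plus a header check usable when testing a protected endpoint. A cross-origin credentialed response is only exposed to the page when the API sends `Access-Control-Allow-Credentials: true` and echoes the exact page origin rather than `*`. The names `fetchDoc` and `corsAllowsCredentials` and the example origins are assumptions.

```javascript
// Added example; function names and origins are hypothetical.

// Would a browser expose this response to a page served from pageOrigin
// when the request was sent with credentials? `headers` is anything with a
// get(name) method (a fetch Headers object, or a Map with lowercase keys).
function corsAllowsCredentials(pageOrigin, requestUrl, headers) {
  // Same-origin requests are not subject to CORS at all.
  if (new URL(requestUrl).origin === pageOrigin) return true;
  const allowOrigin = headers.get('access-control-allow-origin');
  const allowCreds = headers.get('access-control-allow-credentials');
  // For credentialed requests the wildcard "*" is rejected: the server
  // must name the requesting origin exactly and opt in to credentials.
  return allowOrigin === pageOrigin && allowCreds === 'true';
}

// Fetch the documentation with cookies / HTTP auth attached, and turn a
// 401 into an explicit result instead of a generic fetch error.
async function fetchDoc(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, { credentials: 'include' });
  if (res.status === 401) {
    return {
      ok: false,
      reason: 'unauthorized',
      // The scheme the server asks for, e.g. Basic; may be null.
      challenge: res.headers.get('www-authenticate'),
    };
  }
  if (!res.ok) return { ok: false, reason: `HTTP ${res.status}` };
  return { ok: true, doc: await res.json() };
}
```

On the server side, the allowed origin should come from a fixed allowlist; reflecting any incoming `Origin` header together with `Access-Control-Allow-Credentials: true` would let any site read the authenticated documentation.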