Closed AlenKelemen closed 4 years ago
Do you have an example POST/PUT route?
Just use Mg API reference (../mapguide/rest/doc/index.html#!/library/InsertFeatures) and set session. You can see that complete body is lost and only session is send. It occurs only with POST and PUT, DELETE works ok for instance ..
In my code DELETE looks like:
fetch(this.url_, { method: 'DELETE', body:
session=${this.sessionId_}&filter=${filter}, headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8' } })
So we need to include session in POST/PUT body.
Ok this is an actual oversight of the API and possibly many others under /library that take POST/PUT requests with XML/JSON bodies. The fact that the swagger docs show a session field in the operation test UI is a case of sloppy copy-pasting of the operation metadata.
I think the easiest fix with the least amount of descriptiveness is to allow passing the session id as a request header of the POST/PUT request and have our relevant controller actions make sure to check the request header for the session id before checking any other places. Then there's the challenge of making sure that we can instruct swagger to make sure that session id field populates as a request header value.
Could you give d1a9e8c45a2a661f6d8792761ffacdfe1577f5c0 a go? I've fixed the swagger metadata for full-body POST/PUT operations to allow passing a session id through a new X-MG-SESSION-ID
request header (that the swagger UI should provide a field for)
Works fine... I had to 'add X-Requested-With' to config.php:
"MapGuide.Cors" => array( "origin" => "http://localhost:1234", "exposeHeaders" => array("Authorization,Content-Type"), "maxAge" => 1728000, "allowCredentials" => True, "allowMethods" => array("POST, GET, PUT, DELETE, OPTIONS"), "allowHeaders" => array("Authorization,Content-Type,x-mg-session-id") ),
To use it in fetch then I can do:
fetch(
${basePath}, { method: 'POST', credentials: 'include', headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8', 'X-MG-SESSION-ID':
${loginData.session} }, body: JSON.stringify(body) })
How to send session in POST & PUT requests where body is json feature definition ? In mapguide-rest API Reference POST & PUT sets only sessionId in body and (of course) returns 'Malformed JSON body' error.