Use credentials to get account data

thomas-ashcraft / alienware_arena_helper

Helps you to easily earn daily ARP and improves site with usable features

GNU General Public License v2.0

53 stars 9 forks source link

Use credentials to get account data #14

Closed Rudokhvist closed 4 years ago

Rudokhvist commented 4 years ago

To get badges (and borders) data from /account/personalization we need to provide credentials.

Rudokhvist commented 4 years ago

Update: It seems to work without this PR in Chrome, but not in Firefox.

thomas-ashcraft commented 4 years ago

That's odd. I cannot reproduce any problems in Firefox.

Also, according to documentation {credentials: 'same-origin'} is used by default.

By default, fetch won't send or receive any cookies from the server, resulting in unauthenticated requests if the site relies on maintaining a user session (to send cookies, the credentials init option must be set). Since Aug 25, 2017. The spec changed the default credentials policy to same-origin. Firefox changed since 61.0b13.

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch

So right now, as I see, cookies sent even without setting init option. Can you confirm the otherwise or provide more info about a problem? Have you tried to relogin? Maybe it's somehow related to poor session mechanic at Alienware Arena site.

console

Rudokhvist commented 4 years ago

I will try to test it further then.

Have you tried to relogin? Maybe it's somehow related to poor session mechanic at Alienware Arena site.

It may be. I will try it too.

Rudokhvist commented 4 years ago

So, I found why I had an issue with credentials. It's actually stated in your previous comment:

Since Aug 25, 2017. The spec changed the default credentials policy to same-origin. Firefox changed since 61.0b13.

At work I'm using Firefox ESR (it's installed by default by corporate system administrators), and it has version 60.9.0esr, i.e. prior to changes in fetch credentials policy. Latest Firefox, both stable and developers versions, works as expected. I would still suggest to merge this PR, as it should not bring any regressions, but in rare cases of browsers with older default credentials policy it can be actually useful. But it's up to you of course.

thomas-ashcraft commented 4 years ago

it should not bring any regressions, but in rare cases of browsers with older default credentials policy it can be actually useful.

This.