Use fetch helpers instead of fetch (#27026)

WIP because: - [x] Some calls set a `content-type` but send no body, can likely remove the header - [x] Need to check whether `charset=utf-8` has any significance on the webauthn calls, I assume not as it is the default for json content. - [x] Maybe `no-restricted-globals` is better for eslint, but will require a lot of duplication in the yaml or moving eslint config to a `.js` extension. - [x] Maybe export `request` as `fetch`, shadowing the global.
2025-11-03 21:08:25 +00:00 · 2023-09-19 02:50:30 +02:00
parent 8099238618
commit ae8e8f055e
17 changed files with 70 additions and 98 deletions
--- a/web_src/js/modules/fetch.js
+++ b/web_src/js/modules/fetch.js
@@ -2,17 +2,18 @@ import {isObject} from '../utils.js';

 const {csrfToken} = window.config;

+// safe HTTP methods that don't need a csrf token
+const safeMethods = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);
+
 // fetch wrapper, use below method name functions and the `data` option to pass in data
-// which will automatically set an appropriate content-type header. For json content,
-// only object and array types are currently supported.
-function request(url, {headers, data, body, ...other} = {}) {
+// which will automatically set an appropriate headers. For json content, only object
+// and array types are currently supported.
+export function request(url, {method = 'GET', headers = {}, data, body, ...other} = {}) {
  let contentType;
  if (!body) {
    if (data instanceof FormData) {
-      contentType = 'multipart/form-data';
      body = data;
    } else if (data instanceof URLSearchParams) {
-      contentType = 'application/x-www-form-urlencoded';
      body = data;
    } else if (isObject(data) || Array.isArray(data)) {
      contentType = 'application/json';
@@ -20,12 +21,18 @@ function request(url, {headers, data, body, ...other} = {}) {
    }
  }

+  const headersMerged = new Headers({
+    ...(!safeMethods.has(method.toUpperCase()) && {'x-csrf-token': csrfToken}),
+    ...(contentType && {'content-type': contentType}),
+  });
+
+  for (const [name, value] of Object.entries(headers)) {
+    headersMerged.set(name, value);
+  }
+
  return fetch(url, {
-    headers: {
-      'x-csrf-token': csrfToken,
-      ...(contentType && {'content-type': contentType}),
-      ...headers,
-    },
+    method,
+    headers: headersMerged,
    ...(body && {body}),
    ...other,
  });