Revert "STCOR-853 do not include credential in /authn/token request (#…

…1480)" (#1486) This reverts commit d6e7af8. We don't want to _send_ old cookies, but we do want to _receive_ new cookies. `omit` ignores both. From https://developer.mozilla.org/en-US/docs/Web/API/fetch#credentials: > `omit`: Tells browsers to exclude credentials from the request, and > ignore any credentials sent back in the response (e.g., any Set-Cookie > header). We may still have a cookie exchange problem, but if we do, `credentials: "omit"` won't solve it.
folio-org · May 30, 2024 · 13001bf · 13001bf
1 parent d6e7af8
commit 13001bf
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 87 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,7 +11,6 @@
 * Idle-session timeout and "Keep working?" modal. Refs STCOR-776.
 * Use keycloak URLs in place of users-bl for tenant-switch. Refs US1153537.
 * Fix 404 error page when logging in after changing password in Eureka. Refs STCOR-845.
-* Omit credentials in requests to `/authn/token` to prevent redirect tailspin. Refs STCOR-853.
 
 ## [10.1.1](https://github.com/folio-org/stripes-core/tree/v10.1.1) (2024-03-25)
 [Full Changelog](https://github.com/folio-org/stripes-core/compare/v10.1.0...v10.1.1)

diff --git a/src/components/OIDCLanding.js b/src/components/OIDCLanding.js
@@ -59,7 +59,7 @@ const OIDCLanding = () => {
     if (otp) {
       setPotp(otp);
       fetch(`${okapi.url}/authn/token?code=${otp}&redirect-uri=${window.location.protocol}//${window.location.host}/oidc-landing`, {
-        credentials: 'omit',
+        credentials: 'include',
         headers: { 'X-Okapi-tenant': okapi.tenant, 'Content-Type': 'application/json' },
         mode: 'cors',
       })

diff --git a/src/components/OIDCLanding.test.js b/src/components/OIDCLanding.test.js