From a670e04c0d84522ee550f57d4619283bd268ba09 Mon Sep 17 00:00:00 2001
From: Zak Burke <zburke@ebsco.com>
Date: Tue, 28 Nov 2023 15:21:32 -0500
Subject: [PATCH] UID-121 conservatively handle x-okapi-token (#400)

Handle cookie-based authorization conservatively: provide the
`x-okapi-token` HTTP request header if the token is present in
`stripes`; omit it otherwise.

Refs UID-121
---
 src/settings/CanIUse.js    | 3 +++
 src/settings/OkapiPaths.js | 3 ++-
 src/settings/Passwd.js     | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/settings/CanIUse.js b/src/settings/CanIUse.js
index 670e159..2974031 100644
--- a/src/settings/CanIUse.js
+++ b/src/settings/CanIUse.js
@@ -65,11 +65,14 @@ class CanIUse extends React.Component {
   componentDidMount() {
     const { stripes } = this.props;
 
+    const token = stripes.store.getState().okapi.token;
+
     const options = {
       credentials: 'include',
       method: 'GET',
       headers: {
         'X-Okapi-Tenant': stripes.okapi.tenant,
+        ...(token && { 'X-Okapi-Token': token }),
         'Content-Type': 'application/json',
       },
     };
diff --git a/src/settings/OkapiPaths.js b/src/settings/OkapiPaths.js
index b2f1ac8..f726a27 100644
--- a/src/settings/OkapiPaths.js
+++ b/src/settings/OkapiPaths.js
@@ -51,12 +51,13 @@ class OkapiPaths extends React.Component {
     const { stripes } = this.props;
 
     const paths = this.state.paths;
+    const token = stripes.store.getState().okapi.token;
 
     const options = {
       method: 'GET',
       headers: {
         'X-Okapi-Tenant': stripes.okapi.tenant,
-        'X-Okapi-Token': stripes.store.getState().okapi.token,
+        ...(token && { 'X-Okapi-Token': token }),
         'Content-Type': 'application/json',
       },
     };
diff --git a/src/settings/Passwd.js b/src/settings/Passwd.js
index be8f0af..725ba6e 100644
--- a/src/settings/Passwd.js
+++ b/src/settings/Passwd.js
@@ -102,6 +102,7 @@ class Passwd extends React.Component {
           password: values.password,
           userId,
         };
+        const token = stripes.store.getState().okapi.token;
 
         if (!res.credentialsExist) {
           return mutator.passwd.POST(credentials);
@@ -114,6 +115,7 @@ class Passwd extends React.Component {
             method: 'DELETE',
             headers: {
               'X-Okapi-Tenant': stripes.okapi.tenant,
+              ...(token && { 'X-Okapi-Token': token }),
               'Content-Type': 'application/json',
             },
           };