Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support sending custom headers (e.g. session token) in requests from Isso JS client #812

Open
antont opened this issue Mar 12, 2022 · 2 comments
Labels
client (Javascript) client code and CSS feature needs-decision Architectural/Behavioral decision by maintainers needed server (Python) server code
Milestone

Comments

@antont
Copy link

antont commented Mar 12, 2022

Hi - am using external authentication for users with Isso, because we embedded Isso in a system where already had user info, auth and sessions using bearer tokens.

For the Isso client side requests, like posting a new comment, I needed to add the session token to the requests. I hacked this in one way sort of ok way that works for us, by adding new Isso client param bearer-token-cookie with the name of a cookie. If that is defined, isso/js/app/api.js sets the value of that cookie to the bearer-token header. The commit for that is antont@c2fe703 (with some little fixes in later ones).

Support for this would be nice to have in Isso upstream, but I figure this would not be the way, but something more generic could do it.

For example, there could be a setting with custom header name, and the name of a client side getter function, that would work for setting any header with whatever logic.

Or perhaps the client lib could provide some way to register a some decorator / callback for customizing requests, in api.js?

Am also open to other proposals. Am doing the actual authentication in a fastapi app, with fastapi-users, where I have a proxy for the Isso API where intercept the requests and inject username, planning to set the avatar there too, and perhaps do other feats related to auth. This is related to the discussion in #240 but a different topic, in my case it seems that simply supporting custom headers in the client would allow using external user auth.

@ix5 ix5 added server (Python) server code client (Javascript) client code and CSS feature needs-decision Architectural/Behavioral decision by maintainers needed labels Mar 14, 2022
@ix5 ix5 added this to the 1.0 milestone Mar 14, 2022
@antont
Copy link
Author

antont commented Mar 15, 2022

Thanks for tagging @ix5 - just a note: AFAIK this does not necessarily affect the server side at all. Now I did it by hacking isso/js/app/api.js only in that commit, and it could be some register-extension / wrapper / custom-headers-setter hook in the js lib. The option is for the script tag in the html, could be used for that or not, also can be just a call in the embedding js to config the header info or so.

Anyway is for custom server side usage and not just a front UI issue or so, that's true.

@ix5
Copy link
Member

ix5 commented Mar 21, 2022

All I can say on this topic is that this is a prime example for the need for an extension system, both on the client and on the server.

See #813

For example in the curl() function, we might pass the xhr object into an extension hook that runs before xhr.send(), as well as allow hooking onload().

Also related: #105 and #261

@ix5 ix5 modified the milestones: 1.0, backburner Jun 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client (Javascript) client code and CSS feature needs-decision Architectural/Behavioral decision by maintainers needed server (Python) server code
Projects
None yet
Development

No branches or pull requests

2 participants