@fluidframework/odsp-driver 0.55.2 → 0.56.2

package/src/createFile.ts

@@ -55,6 +55,7 @@ export async function createNewFluidFile(
     epochTracker: EpochTracker,
     fileEntry: IFileEntry,
     createNewCaching: boolean,
+    forceAccessTokenViaAuthorizationHeader: boolean,
 ): Promise<IOdspResolvedUrl> {
     // Check for valid filename before the request to create file is actually made.
     if (isInvalidFileName(newFileInfo.filename)) {
@@ -67,10 +68,17 @@ export async function createNewFluidFile(
     let sharingLink: string | undefined;
     let sharingLinkErrorReason: string | undefined;
     if (createNewSummary === undefined) {
-        itemId = await createNewEmptyFluidFile(getStorageToken, newFileInfo, logger, epochTracker);
+        itemId = await createNewEmptyFluidFile(
+            getStorageToken, newFileInfo, logger, epochTracker, forceAccessTokenViaAuthorizationHeader);
     } else {
         const content = await createNewFluidFileFromSummary(
-            getStorageToken, newFileInfo, logger, createNewSummary, epochTracker);
+            getStorageToken,
+            newFileInfo,
+            logger,
+            createNewSummary,
+            epochTracker,
+            forceAccessTokenViaAuthorizationHeader,
+        );
         itemId = content.itemId;
         summaryHandle = content.id;
         sharingLink = content.sharingLink;
@@ -108,6 +116,7 @@ export async function createNewEmptyFluidFile(
     newFileInfo: INewFileInfo,
     logger: ITelemetryLogger,
     epochTracker: EpochTracker,
+    forceAccessTokenViaAuthorizationHeader: boolean,
 ): Promise<string> {
     const filePath = newFileInfo.filePath ? encodeURIComponent(`/${newFileInfo.filePath}`) : "";
     // add .tmp extension to empty file (host is expected to rename)
@@ -123,7 +132,8 @@ export async function createNewEmptyFluidFile(
             logger,
             { eventName: "createNewEmptyFile" },
             async (event) => {
-                const { url, headers } = getUrlAndHeadersWithAuth(initialUrl, storageToken);
+                const { url, headers } = getUrlAndHeadersWithAuth(
+                    initialUrl, storageToken, forceAccessTokenViaAuthorizationHeader);
                 headers["Content-Type"] = "application/json";
 
                 const fetchResponse = await runWithRetry(
@@ -163,6 +173,7 @@ export async function createNewFluidFileFromSummary(
     logger: ITelemetryLogger,
     createNewSummary: ISummaryTree,
     epochTracker: EpochTracker,
+    forceAccessTokenViaAuthorizationHeader: boolean,
 ): Promise<ICreateFileResponse> {
     const filePath = newFileInfo.filePath ? encodeURIComponent(`/${newFileInfo.filePath}`) : "";
     const encodedFilename = encodeURIComponent(newFileInfo.filename);
@@ -181,7 +192,8 @@ export async function createNewFluidFileFromSummary(
             logger,
             { eventName: "createNewFile" },
             async (event) => {
-                const { url, headers } = getUrlAndHeadersWithAuth(initialUrl, storageToken);
+                const { url, headers } = getUrlAndHeadersWithAuth(
+                    initialUrl, storageToken, forceAccessTokenViaAuthorizationHeader);
                 headers["Content-Type"] = "application/json";
 
                 const fetchResponse = await runWithRetry(

package/src/epochTracker.ts

@@ -18,13 +18,14 @@ import {
 } from "@fluidframework/odsp-driver-definitions";
 import { DriverErrorType } from "@fluidframework/driver-definitions";
 import { PerformanceEvent, isFluidError, normalizeError } from "@fluidframework/telemetry-utils";
-import { fetchAndParseAsJSONHelper, fetchArray, IOdspResponse } from "./odspUtils";
+import { fetchAndParseAsJSONHelper, fetchArray, getOdspResolvedUrl, IOdspResponse } from "./odspUtils";
 import {
     IOdspCache,
     INonPersistentCache,
     IPersistedFileCache,
  } from "./odspCache";
 import { IVersionedValueWithEpoch, persistedCacheValueVersion } from "./contracts";
+import { ClpCompliantAppHeader } from "./contractsPublic";
 
 export type FetchType = "blob" | "createBlob" | "createFile" | "joinSession" | "ops" | "test" | "snapshotTree" |
     "treesLatest" | "uploadSummary" | "push" | "versions";
@@ -170,8 +171,9 @@ export class EpochTracker implements IPersistedFileCache {
         fetchOptions: RequestInit,
         fetchType: FetchType,
         addInBody: boolean = false,
+        fetchReason?: string,
     ): Promise<IOdspResponse<T>> {
-        const clientCorrelationId = this.formatClientCorrelationId();
+        const clientCorrelationId = this.formatClientCorrelationId(fetchReason);
         // Add epoch in fetch request.
         this.addEpochInRequest(fetchOptions, addInBody, clientCorrelationId);
         let epochFromResponse: string | undefined;
@@ -211,8 +213,9 @@ export class EpochTracker implements IPersistedFileCache {
         fetchOptions: {[index: string]: any},
         fetchType: FetchType,
         addInBody: boolean = false,
+        fetchReason?: string,
     ) {
-        const clientCorrelationId = this.formatClientCorrelationId();
+        const clientCorrelationId = this.formatClientCorrelationId(fetchReason);
         // Add epoch in fetch request.
         this.addEpochInRequest(fetchOptions, addInBody, clientCorrelationId);
         let epochFromResponse: string | undefined;
@@ -245,12 +248,16 @@ export class EpochTracker implements IPersistedFileCache {
         addInBody: boolean,
         clientCorrelationId: string,
     ) {
+        const isClpCompliantApp = getOdspResolvedUrl(this.fileEntry.resolvedUrl).isClpCompliantApp;
         if (addInBody) {
             const headers: {[key: string]: string} = {};
             headers["X-RequestStats"] = clientCorrelationId;
             if (this.fluidEpoch !== undefined) {
                 headers["x-fluid-epoch"] = this.fluidEpoch;
             }
+            if (isClpCompliantApp) {
+                headers[ClpCompliantAppHeader.isClpCompliantApp] = isClpCompliantApp.toString();
+            }
             this.addParamInBody(fetchOptions, headers);
         } else {
             const addHeader = (key: string, val: string) => {
@@ -264,6 +271,9 @@ export class EpochTracker implements IPersistedFileCache {
             if (this.fluidEpoch !== undefined) {
                 addHeader("x-fluid-epoch", this.fluidEpoch);
             }
+            if (isClpCompliantApp) {
+                addHeader(ClpCompliantAppHeader.isClpCompliantApp, isClpCompliantApp.toString());
+            }
         }
     }
 
@@ -285,8 +295,12 @@ export class EpochTracker implements IPersistedFileCache {
         fetchOptions.body = formParams.join("\r\n");
     }
 
-    private formatClientCorrelationId() {
-        return `driverId=${this.driverId}, RequestNumber=${this.networkCallNumber++}`;
+    private formatClientCorrelationId(fetchReason?: string) {
+        const items: string[] = [`driverId=${this.driverId}`, `RequestNumber=${this.networkCallNumber++}`];
+        if (fetchReason !== undefined) {
+            items.push(`fetchReason=${fetchReason}`);
+        }
+        return items.join(", ");
     }
 
     protected validateEpochFromResponse(
@@ -395,13 +409,14 @@ export class EpochTrackerWithRedemption extends EpochTracker {
         fetchOptions: {[index: string]: any},
         fetchType: FetchType,
         addInBody: boolean = false,
+        fetchReason?: string,
     ): Promise<IOdspResponse<T>> {
         // Optimize the flow if we know that treesLatestDeferral was already completed by the timer we started
         // joinSession call. If we did - there is no reason to repeat the call as it will fail with same error.
         const completed = this.treesLatestDeferral.isCompleted;
 
         try {
-            return await super.fetchAndParseAsJSON<T>(url, fetchOptions, fetchType, addInBody);
+            return await super.fetchAndParseAsJSON<T>(url, fetchOptions, fetchType, addInBody, fetchReason);
         } catch (error) {
             // Only handling here treesLatest. If createFile failed, we should never try to do joinSession.
             // Similar, if getVersions failed, we should not do any further storage calls.

package/src/fetchSnapshot.ts

@@ -39,6 +39,7 @@ import { EpochTracker } from "./epochTracker";
  * @param storageFetchWrapper - Implementation of the get/post methods used to fetch the snapshot
  * @param versionId - id of specific snapshot to be fetched
  * @param fetchFullSnapshot - whether we want to fetch full snapshot(with blobs)
+ * @param forceAccessTokenViaAuthorizationHeader - whether to force passing given token via authorization header
  * @returns A promise of the snapshot and the status code of the response
  */
 export async function fetchSnapshot(
@@ -46,6 +47,7 @@ export async function fetchSnapshot(
     token: string | null,
     versionId: string,
     fetchFullSnapshot: boolean,
+    forceAccessTokenViaAuthorizationHeader: boolean,
     logger: ITelemetryLogger,
     snapshotDownloader: (url: string, fetchOptions: {[index: string]: any}) => Promise<IOdspResponse<unknown>>,
 ): Promise<ISnapshotContents> {
@@ -61,7 +63,8 @@ export async function fetchSnapshot(
     }
 
     const queryString = getQueryString(queryParams);
-    const { url, headers } = getUrlAndHeadersWithAuth(`${snapshotUrl}${path}${queryString}`, token);
+    const { url, headers } = getUrlAndHeadersWithAuth(
+        `${snapshotUrl}${path}${queryString}`, token, forceAccessTokenViaAuthorizationHeader);
     const response = await PerformanceEvent.timedExecAsync(
         logger,
         {
@@ -77,6 +80,7 @@ export async function fetchSnapshotWithRedeem(
     odspResolvedUrl: IOdspResolvedUrl,
     storageTokenFetcher: InstrumentedStorageTokenFetcher,
     snapshotOptions: ISnapshotOptions | undefined,
+    forceAccessTokenViaAuthorizationHeader: boolean,
     logger: ITelemetryLogger,
     snapshotDownloader: (
             finalOdspResolvedUrl: IOdspResolvedUrl,
@@ -88,6 +92,12 @@ export async function fetchSnapshotWithRedeem(
     removeEntries: () => Promise<void>,
     enableRedeemFallback?: boolean,
 ): Promise<ISnapshotContents> {
+    // back-compat: This block to be removed with #8784 when we only consume/consider odsp resolvers that are >= 0.51
+    const sharingLinkToRedeem = (odspResolvedUrl as any).sharingLinkToRedeem;
+    if(sharingLinkToRedeem) {
+        odspResolvedUrl.shareLinkInfo = {...odspResolvedUrl.shareLinkInfo, sharingLinkToRedeem}
+    }
+
     return fetchLatestSnapshotCore(
         odspResolvedUrl,
         storageTokenFetcher,
@@ -103,16 +113,15 @@ export async function fetchSnapshotWithRedeem(
                 eventName: "RedeemFallback",
                 errorType: error.errorType,
             }, error);
-            await redeemSharingLink(odspResolvedUrl, storageTokenFetcher, logger);
+            await redeemSharingLink(
+                odspResolvedUrl, storageTokenFetcher, logger, forceAccessTokenViaAuthorizationHeader);
             const odspResolvedUrlWithoutShareLink: IOdspResolvedUrl =
-                { ...odspResolvedUrl, sharingLinkToRedeem: undefined };
-
-            if(odspResolvedUrlWithoutShareLink.shareLinkInfo) {
-                odspResolvedUrlWithoutShareLink.shareLinkInfo = {
-                    ...odspResolvedUrlWithoutShareLink.shareLinkInfo,
-                    sharingLinkToRedeem: undefined,
+                { ...odspResolvedUrl,
+                    shareLinkInfo: {
+                        ...odspResolvedUrl.shareLinkInfo,
+                        sharingLinkToRedeem: undefined
+                    }
                 };
-            }
 
             return fetchLatestSnapshotCore(
                 odspResolvedUrlWithoutShareLink,
@@ -141,6 +150,7 @@ async function redeemSharingLink(
     odspResolvedUrl: IOdspResolvedUrl,
     storageTokenFetcher: InstrumentedStorageTokenFetcher,
     logger: ITelemetryLogger,
+    forceAccessTokenViaAuthorizationHeader: boolean,
 ) {
     return PerformanceEvent.timedExecAsync(
         logger,
@@ -148,12 +158,13 @@ async function redeemSharingLink(
             eventName: "RedeemShareLink",
         },
         async () => getWithRetryForTokenRefresh(async (tokenFetchOptions) => {
-                assert(!!odspResolvedUrl.sharingLinkToRedeem,
+                assert(!!odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem,
                     0x1ed /* "Share link should be present" */);
                 const storageToken = await storageTokenFetcher(tokenFetchOptions, "RedeemShareLink");
-                const encodedShareUrl = getEncodedShareUrl(odspResolvedUrl.sharingLinkToRedeem);
+                const encodedShareUrl = getEncodedShareUrl(odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem);
                 const redeemUrl = `${odspResolvedUrl.siteUrl}/_api/v2.0/shares/${encodedShareUrl}`;
-                const { url, headers } = getUrlAndHeadersWithAuth(redeemUrl, storageToken);
+                const { url, headers } = getUrlAndHeadersWithAuth(
+                    redeemUrl, storageToken, forceAccessTokenViaAuthorizationHeader);
                 headers.prefer = "redeemSharingLink";
                 return fetchAndParseAsJSONHelper(url, { headers });
         }),
@@ -189,7 +200,7 @@ async function fetchLatestSnapshotCore(
         const perfEvent = {
             eventName: "TreesLatest",
             attempts: tokenFetchOptions.refresh ? 2 : 1,
-            shareLinkPresent: odspResolvedUrl.sharingLinkToRedeem !== undefined,
+            shareLinkPresent: odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem !== undefined,
             redeemFallbackEnabled: enableRedeemFallback,
         };
         if (snapshotOptions !== undefined) {
@@ -423,8 +434,8 @@ function getFormBodyAndHeaders(
             }
         });
     }
-    if (odspResolvedUrl.sharingLinkToRedeem) {
-        formParams.push(`sl: ${odspResolvedUrl.sharingLinkToRedeem}`);
+    if (odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem) {
+        formParams.push(`sl: ${odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem}`);
     }
     formParams.push(`_post: 1`);
     formParams.push(`\r\n--${formBoundary}--`);
@@ -467,6 +478,12 @@ export async function downloadSnapshot(
     controller?: AbortController,
     epochTracker?: EpochTracker,
 ): Promise<ISnapshotRequestAndResponseOptions> {
+    // back-compat: This block to be removed with #8784 when we only consume/consider odsp resolvers that are >= 0.51
+    const sharingLinkToRedeem = (odspResolvedUrl as any).sharingLinkToRedeem;
+    if(sharingLinkToRedeem) {
+        odspResolvedUrl.shareLinkInfo = {...odspResolvedUrl.shareLinkInfo, sharingLinkToRedeem}
+    }
+
     if (fetchBinarySnapshotFormat) {
         // Logging an event here as it is not supposed to be used in production yet and only in experimental mode.
         logger.sendTelemetryEvent({ eventName: "BinarySnapshotFetched" });
@@ -477,7 +494,7 @@ export async function downloadSnapshot(
 }
 
 function isRedeemSharingLinkError(odspResolvedUrl: IOdspResolvedUrl, error: any) {
-    if (odspResolvedUrl.sharingLinkToRedeem !== undefined
+    if (odspResolvedUrl.shareLinkInfo?.sharingLinkToRedeem !== undefined
         && (typeof error === "object" && error !== null)
         && (error.errorType === DriverErrorType.authorizationError
         || error.errorType === DriverErrorType.fileNotFoundOrAccessDeniedError)) {

package/src/getFileLink.ts

@@ -84,7 +84,7 @@ async function getFileLinkCore(
     identityType: IdentityType,
     logger: ITelemetryLogger,
 ): Promise<string> {
-    const fileItem = await getFileItemLite(getToken, odspUrlParts, logger);
+    const fileItem = await getFileItemLite(getToken, odspUrlParts, logger, identityType === "Consumer");
 
     // ODC canonical link does not require any additional processing
     if (identityType === "Consumer") {
@@ -104,7 +104,10 @@ async function getFileLinkCore(
                 const { url, headers } = getUrlAndHeadersWithAuth(
                     `${odspUrlParts.siteUrl}/_api/web/GetFileByUrl(@a1)/ListItemAllFields/GetSharingInformation?@a1=${
                         encodeURIComponent(`'${fileItem.webDavUrl}'`)
-                    }`, tokenFromResponse(token));
+                    }`,
+                    tokenFromResponse(token),
+                    false,
+                );
                 const requestInit = {
                     method: "POST",
                     headers: {
@@ -152,6 +155,7 @@ async function getFileItemLite(
     getToken: TokenFetcher<OdspResourceTokenFetchOptions>,
     odspUrlParts: IOdspUrlParts,
     logger: ITelemetryLogger,
+    forceAccessTokenViaAuthorizationHeader: boolean,
 ): Promise<FileItemLite> {
     return PerformanceEvent.timedExecAsync(
         logger,
@@ -166,6 +170,7 @@ async function getFileItemLite(
                 const { url, headers } = getUrlAndHeadersWithAuth(
                     `${siteUrl}/_api/v2.0/drives/${driveId}/items/${itemId}?select=webUrl,webDavUrl`,
                     tokenFromResponse(token),
+                    forceAccessTokenViaAuthorizationHeader,
                 );
                 const requestInit = { method: "GET", headers };
                 const response = await fetchHelper(url, requestInit);

package/src/getUrlAndHeadersWithAuth.ts

@@ -3,48 +3,34 @@
  * Licensed under the MIT License.
  */
 
-/**
- * Gets the length of the query string portion of a url.
- * @param url The full url
- */
-function getQueryStringLength(url: string): number {
-    const queryParamStart = url.indexOf("?");
-
-    if (queryParamStart === -1) {
-        return 0;
-    }
-
-    return url.length - queryParamStart - 1;
-}
-
-// eslint-disable-next-line max-len
-export function getUrlAndHeadersWithAuth(url: string, token: string | null): { url: string, headers: { [index: string]: string } } {
+export function getUrlAndHeadersWithAuth(
+    url: string,
+    token: string | null,
+    forceAccessTokenViaAuthorizationHeader: boolean,
+): { url: string, headers: { [index: string]: string } } {
     if (!token || token.length === 0) {
         return { url, headers: {} };
     }
 
-    const queryParamStart = url.indexOf("?");
-
-    // Determine if we need to add ?, &, or nothing (if the url ends with ?)
-    let tokenQueryParam = queryParamStart === -1 ? "?" : (queryParamStart !== url.length - 1 ? `&` : "");
-
-    const tokenIsQueryParam = token.startsWith("?");
-    if (tokenIsQueryParam) {
-        // The token itself is a query param
-        tokenQueryParam += token.substring(1);
-    } else {
-        tokenQueryParam += `access_token=${encodeURIComponent(token)}`;
-    }
-
-    // ODSP APIs have a limitation that the query string cannot exceed 2048 characters.
-    // We try to stick the access token in the URL to make it a simple XHR request and avoid an options call.
-    // If the query string exceeds 2048, we have to fall back to sending the access token as a header, which
-    // has a negative performance implication as it adds a performance overhead.
-    if (tokenIsQueryParam || getQueryStringLength(url + tokenQueryParam) <= 2048) {
-        return {
-            headers: {},
-            url: url + tokenQueryParam,
-        };
+    if (!forceAccessTokenViaAuthorizationHeader) {
+        // Pass access token via query string: this will make request be treated as 'simple' request
+        // which does not require OPTIONS call as part of CORS check.
+        const urlWithAccessTokenInQueryString = new URL(url);
+        // IMPORTANT: Do not apply encodeURIComponent to token, param value is automatically encoded
+        // when set via URLSearchParams class
+        urlWithAccessTokenInQueryString.searchParams.set("access_token", token);
+        // ODSP APIs have a limitation that the query string cannot exceed 2048 characters.
+        // If the query string exceeds 2048, we have to fall back to sending the access token as a header, which
+        // has a negative performance implication as it adds a performance overhead.
+        // NOTE: URL.search.length value includes '?' symbol and it is unclear whether backend logic which enforces
+        // query length limit accounts for it. This logic errs on side of caution and includes that key in overall
+        // query length.
+        if (urlWithAccessTokenInQueryString.search.length <= 2048) {
+            return {
+                headers: {},
+                url: urlWithAccessTokenInQueryString.href,
+            };
+        }
     }
 
     return {

package/src/odspDeltaStorageService.ts

@@ -53,9 +53,6 @@ export class OdspDeltaStorageService {
             let postBody = `--${formBoundary}\r\n`;
             postBody += `Authorization: Bearer ${storageToken}\r\n`;
             postBody += `X-HTTP-Method-Override: GET\r\n`;
-            if (fetchReason !== undefined) {
-                postBody += `fetchReason: ${fetchReason}\r\n`;
-            }
 
             postBody += `_post: 1\r\n`;
             postBody += `\r\n--${formBoundary}--`;
@@ -81,6 +78,7 @@ export class OdspDeltaStorageService {
                 },
                 "ops",
                 true,
+                fetchReason,
             );
             clearTimeout(timer);
             const deltaStorageResponse = response.content;

package/src/odspDocumentServiceFactoryCore.ts

@@ -104,6 +104,7 @@ export class OdspDocumentServiceFactoryCore implements IDocumentServiceFactory {
                     cacheAndTracker.epochTracker,
                     fileEntry,
                     this.hostPolicy.cacheCreateNewSummary ?? true,
+                    !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
                 );
                 const docService = this.createDocumentServiceCore(odspResolvedUrl, odspLogger, cacheAndTracker);
                 event.end({

package/src/odspDocumentStorageManager.ts

@@ -40,7 +40,7 @@ import {
     getWithRetryForTokenRefresh,
     ISnapshotContents,
 } from "./odspUtils";
-import { EpochTracker } from "./epochTracker";
+import { defaultCacheExpiryTimeoutMs, EpochTracker } from "./epochTracker";
 import { OdspSummaryUploadManager } from "./odspSummaryUploadManager";
 import { FlushResult } from "./odspDocumentDeltaConnection";
 
@@ -167,6 +167,7 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
         // Note that duplication of content should not have significant impact for bytes over wire as
         // compression of http payload mostly takes care of it, but it does impact storage size and in-memory sizes.
         minBlobSize: 2048,
+        maximumCacheDurationMs: defaultCacheExpiryTimeoutMs,
     };
 
     private readonly commitCache: Map<string, api.ISnapshotTree> = new Map();
@@ -224,7 +225,13 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
         this.snapshotUrl = this.odspResolvedUrl.endpoints.snapshotStorageUrl;
         this.attachmentPOSTUrl = this.odspResolvedUrl.endpoints.attachmentPOSTStorageUrl;
         this.attachmentGETUrl = this.odspResolvedUrl.endpoints.attachmentGETStorageUrl;
-        this.odspSummaryUploadManager = new OdspSummaryUploadManager(this.snapshotUrl, getStorageToken, logger, epochTracker);
+        this.odspSummaryUploadManager = new OdspSummaryUploadManager(
+            this.snapshotUrl,
+            getStorageToken,
+            logger,
+            epochTracker,
+            !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
+        );
     }
 
     public get repositoryUrl(): string {
@@ -236,7 +243,11 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
 
         const response = await getWithRetryForTokenRefresh(async (options) => {
             const storageToken = await this.getStorageToken(options, "CreateBlob");
-            const { url, headers } = getUrlAndHeadersWithAuth(`${this.attachmentPOSTUrl}/content`, storageToken);
+            const { url, headers } = getUrlAndHeadersWithAuth(
+                `${this.attachmentPOSTUrl}/content`,
+                storageToken,
+                !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
+            );
             headers["Content-Type"] = "application/octet-stream";
 
             return PerformanceEvent.timedExecAsync(
@@ -279,7 +290,11 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
             blob = await getWithRetryForTokenRefresh(async (options) => {
                 const storageToken = await this.getStorageToken(options, "GetBlob");
                 const unAuthedUrl = `${this.attachmentGETUrl}/${encodeURIComponent(blobId)}/content`;
-                const { url, headers } = getUrlAndHeadersWithAuth(unAuthedUrl, storageToken);
+                const { url, headers } = getUrlAndHeadersWithAuth(
+                    unAuthedUrl,
+                    storageToken,
+                    !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
+                );
 
                 return PerformanceEvent.timedExecAsync(
                     this.logger,
@@ -495,7 +510,11 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
 
         return getWithRetryForTokenRefresh(async (options) => {
             const storageToken = await this.getStorageToken(options, "GetVersions");
-            const { url, headers } = getUrlAndHeadersWithAuth(`${this.snapshotUrl}/versions?count=${count}`, storageToken);
+            const { url, headers } = getUrlAndHeadersWithAuth(
+                `${this.snapshotUrl}/versions?count=${count}`,
+                storageToken,
+                !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
+            );
 
             // Fetch the latest snapshot versions for the document
             const response = await PerformanceEvent.timedExecAsync(
@@ -594,11 +613,13 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
                 this.odspResolvedUrl,
                 this.getStorageToken,
                 snapshotOptions,
+                !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
                 this.logger,
                 snapshotDownloader,
                 putInCache,
                 removeEntries,
-                this.hostPolicy.enableRedeemFallback);
+                this.hostPolicy.enableRedeemFallback,
+            );
             return odspSnapshot;
         } catch (error) {
             const errorType = error.errorType;
@@ -617,11 +638,13 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
                     this.odspResolvedUrl,
                     this.getStorageToken,
                     snapshotOptionsWithoutBlobs,
+                    !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
                     this.logger,
                     snapshotDownloader,
                     putInCache,
                     removeEntries,
-                    this.hostPolicy.enableRedeemFallback);
+                    this.hostPolicy.enableRedeemFallback,
+                );
                 return odspSnapshot;
             }
             throw error;
@@ -729,7 +752,15 @@ export class OdspDocumentStorageService implements IDocumentStorageService {
                         "snapshotTree",
                     );
                 };
-                const snapshot = await fetchSnapshot(this.snapshotUrl!, storageToken, id, this.fetchFullSnapshot, this.logger, snapshotDownloader);
+                const snapshot = await fetchSnapshot(
+                    this.snapshotUrl!,
+                    storageToken,
+                    id,
+                    this.fetchFullSnapshot,
+                    !!this.hostPolicy.sessionOptions?.forceAccessTokenViaAuthorizationHeader,
+                    this.logger,
+                    snapshotDownloader,
+                );
                 let treeId = "";
                 if (snapshot.snapshotTree) {
                     assert(snapshot.snapshotTree.id !== undefined, 0x222 /* "Root tree should contain the id!!" */);

package/src/odspDriverUrlResolver.ts

@@ -11,6 +11,7 @@ import { createOdspUrl } from "./createOdspUrl";
 import { getApiRoot } from "./odspUrlHelper";
 import { getOdspResolvedUrl } from "./odspUtils";
 import { getHashedDocumentId } from "./odspPublicUtils";
+import { ClpCompliantAppHeader } from "./contractsPublic";
 
 function getUrlBase(siteUrl: string, driveId: string, itemId: string, fileVersion?: string) {
     const siteOrigin = new URL(siteUrl).origin;
@@ -101,6 +102,7 @@ export class OdspDriverUrlResolver implements IUrlResolver {
                 },
                 fileVersion: undefined,
                 shareLinkInfo,
+                isClpCompliantApp: request.headers?.[ClpCompliantAppHeader.isClpCompliantApp],
             };
         }
         const { siteUrl, driveId, itemId, path, containerPackageName, fileVersion } = decodeOdspUrl(request.url);
@@ -142,6 +144,7 @@ export class OdspDriverUrlResolver implements IUrlResolver {
                 containerPackageName,
             },
             fileVersion,
+            isClpCompliantApp: request.headers?.[ClpCompliantAppHeader.isClpCompliantApp],
         };
     }
 

package/src/odspDriverUrlResolverForShareLink.ts

@@ -133,9 +133,8 @@ export class OdspDriverUrlResolverForShareLink implements IUrlResolver {
             // We need to remove the nav param if set by host when setting the sharelink as otherwise the shareLinkId
             // when redeeming the share link during the redeem fallback for trees latest call becomes greater than
             // the eligible length.
-            odspResolvedUrl.sharingLinkToRedeem = this.removeNavParam(request.url);
             odspResolvedUrl.shareLinkInfo = Object.assign(odspResolvedUrl.shareLinkInfo || {},
-                {sharingLinkToRedeem: odspResolvedUrl.sharingLinkToRedeem});
+                {sharingLinkToRedeem: this.removeNavParam(request.url)});
         }
         if (odspResolvedUrl.itemId) {
             // Kick start the sharing link request if we don't have it already as a performance optimization.

package/src/odspSummaryUploadManager.ts

@@ -38,6 +38,7 @@ export class OdspSummaryUploadManager {
         private readonly getStorageToken: InstrumentedStorageTokenFetcher,
         logger: ITelemetryLogger,
         private readonly epochTracker: EpochTracker,
+        private readonly forceAccessTokenViaAuthorizationHeader: boolean,
     ) {
         this.mc = loggerToMonitoringContext(logger);
     }
@@ -84,7 +85,11 @@ export class OdspSummaryUploadManager {
         return getWithRetryForTokenRefresh(async (options) => {
             const storageToken = await this.getStorageToken(options, "WriteSummaryTree");
 
-            const { url, headers } = getUrlAndHeadersWithAuth(`${this.snapshotUrl}/snapshot`, storageToken);
+            const { url, headers } = getUrlAndHeadersWithAuth(
+                `${this.snapshotUrl}/snapshot`,
+                storageToken,
+                this.forceAccessTokenViaAuthorizationHeader,
+            );
             headers["Content-Type"] = "application/json";
             if (parentHandle) {
                 headers["If-Match"] = `fluid:containerid=${parentHandle}`;

package/src/packageVersion.ts

@@ -6,4 +6,4 @@
  */
 
 export const pkgName = "@fluidframework/odsp-driver";
-export const pkgVersion = "0.55.2";
+export const pkgVersion = "0.56.2";

package/src/prefetchLatestSnapshot.ts

@@ -31,6 +31,7 @@ import { IVersionedValueWithEpoch } from "./contracts";
  * @param getStorageToken - function that can provide the storage token for a given site. This is
  *  is also referred to as the "VROOM" token in SPO.
  * @param persistedCache - Cache to store the fetched snapshot.
+ * @param forceAccessTokenViaAuthorizationHeader - whether to force passing given token via authorization header.
  * @param logger - Logger to have telemetry events.
  * @param hostSnapshotFetchOptions - Options to fetch the snapshot if any. Otherwise default will be used.
  * @param enableRedeemFallback - True to have the sharing link redeem fallback in case the Trees Latest/Redeem
@@ -42,6 +43,7 @@ export async function prefetchLatestSnapshot(
     resolvedUrl: IResolvedUrl,
     getStorageToken: TokenFetcher<OdspResourceTokenFetchOptions>,
     persistedCache: IPersistedCache,
+    forceAccessTokenViaAuthorizationHeader: boolean,
     logger: ITelemetryBaseLogger,
     hostSnapshotFetchOptions: ISnapshotOptions | undefined,
     enableRedeemFallback?: boolean,
@@ -84,6 +86,7 @@ export async function prefetchLatestSnapshot(
                     odspResolvedUrl,
                     storageTokenFetcher,
                     hostSnapshotFetchOptions,
+                    forceAccessTokenViaAuthorizationHeader,
                     odspLogger,
                     snapshotDownloader,
                     putInCache,

package/src/retryErrorsStorageAdapter.ts

@@ -54,7 +54,7 @@ export class RetryErrorsStorageAdapter implements IDocumentStorageService, IDisp
         );
     }
 
-    public async getVersions(versionId: string, count: number): Promise<IVersion[]> {
+    public async getVersions(versionId: string | null, count: number): Promise<IVersion[]> {
         return this.runWithRetry(
             async () => this.internalStorageService.getVersions(versionId, count),
             "storage_getVersions",