@umbraco-cms/backoffice 16.4.0-rc → 16.4.0-rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist-cms/external/openid/src/xhr.js +1 -0
  2. package/dist-cms/packages/core/auth/auth-flow.js +2 -0
  3. package/dist-cms/packages/core/http-client/index.d.ts +2 -1
  4. package/dist-cms/packages/core/http-client/index.js +12 -1
  5. package/dist-cms/packages/core/resources/try-execute/tryXhrRequest.function.js +1 -0
  6. package/dist-cms/packages/core/resources/types.d.ts +1 -0
  7. package/dist-cms/packages/documents/documents/user-permissions/document/repository/document-permission.server.data.js +1 -0
  8. package/dist-cms/tsconfig.build.tsbuildinfo +1 -1
  9. package/dist-cms/umbraco-package.json +1 -1
  10. package/package.json +1 -1
package/dist-cms/external/openid/src/xhr.js CHANGED
@@ -30,6 +30,7 @@ export class FetchRequestor extends Requestor {
30
30
  const requestInit = {};
31
31
  requestInit.method = settings.method;
32
32
  requestInit.mode = 'cors';
33
+ requestInit.credentials = settings.credentials ?? 'include';
33
34
  if (settings.data) {
34
35
  if (settings.method && settings.method.toUpperCase() === 'POST') {
35
36
  requestInit.body = settings.data;
package/dist-cms/packages/core/auth/auth-flow.js CHANGED
@@ -294,6 +294,7 @@ export class UmbAuthFlow {
294
294
  const token = await this.performWithFreshTokens();
295
295
  const request = new Request(this.#unlink_endpoint, {
296
296
  method: 'POST',
297
+ credentials: 'include',
297
298
  headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${token}` },
298
299
  body: JSON.stringify({ loginProvider, providerKey }),
299
300
  });
@@ -370,6 +371,7 @@ export class UmbAuthFlow {
370
371
  async #makeLinkTokenRequest(provider) {
371
372
  const token = await this.performWithFreshTokens();
372
373
  const request = await fetch(`${this.#link_key_endpoint}?provider=${provider}`, {
374
+ credentials: 'include',
373
375
  headers: {
374
376
  Authorization: `Bearer ${token}`,
375
377
  'Content-Type': 'application/json',
package/dist-cms/packages/core/http-client/index.d.ts CHANGED
@@ -1 +1,2 @@
1
- export { client as umbHttpClient } from '../backend-api/index.js';
1
+ import { client } from '../backend-api/index.js';
2
+ export { client as umbHttpClient };
package/dist-cms/packages/core/http-client/index.js CHANGED
@@ -1 +1,12 @@
1
- export { client as umbHttpClient } from '../backend-api/index.js';
1
+ import { client } from '../backend-api/index.js';
2
+ /**
3
+ * Pre-configure the client with default credentials for cookie-based authentication.
4
+ * This ensures all requests include cookies by default, which is required for
5
+ * cookie-based authentication in Umbraco 17.0+.
6
+ *
7
+ * Extensions using this client will automatically get credentials: 'include'.
8
+ */
9
+ client.setConfig({
10
+ credentials: 'include',
11
+ });
12
+ export { client as umbHttpClient };
package/dist-cms/packages/core/resources/try-execute/tryXhrRequest.function.js CHANGED
@@ -36,6 +36,7 @@ function createXhrRequest(options) {
36
36
  return new UmbCancelablePromise(async (resolve, reject, onCancel) => {
37
37
  const xhr = new XMLHttpRequest();
38
38
  xhr.open(options.method, `${baseUrl}${options.url}`, true);
39
+ xhr.withCredentials = options.withCredentials ?? true;
39
40
  // Set default headers
40
41
  if (options.token) {
41
42
  const token = typeof options.token === 'function' ? await options.token() : options.token;
package/dist-cms/packages/core/resources/types.d.ts CHANGED
@@ -4,6 +4,7 @@ export interface XhrRequestOptions extends UmbTryExecuteOptions {
4
4
  baseUrl?: string;
5
5
  method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS';
6
6
  url: string;
7
+ withCredentials?: boolean;
7
8
  body?: unknown;
8
9
  token?: string | (() => undefined | string | Promise<string | undefined>);
9
10
  headers?: Record<string, string>;
package/dist-cms/packages/documents/documents/user-permissions/document/repository/document-permission.server.data.js CHANGED
@@ -16,6 +16,7 @@ export class UmbDocumentPermissionServerDataSource {
16
16
  requestPermissions(id) {
17
17
  return tryExecute(this.#host, fetch(`/umbraco/management/api/v1/document/${id}/permissions`, {
18
18
  method: 'GET',
19
+ credentials: 'include',
19
20
  headers: {
20
21
  'Content-Type': 'application/json',
21
22
  },