From 9490ac4d479d1b3952d7ac7c709e16fb5a501f2e Mon Sep 17 00:00:00 2001
From: Zak Burke <zburke@ebsco.com>
Date: Fri, 8 Sep 2023 07:12:37 -0400
Subject: [PATCH 1/3] STSMACOM-714 handle access-control via cookies

Handle access-control via cookies and the `credentials: 'include'` fetch
option instead of sending the `X-Okapi-Token` HTTP request header.

Refs STSMACOM-714, FOLIO-3627
---
 CHANGELOG.md                          | 1 +
 lib/CustomFields/utils/makeRequest.js | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 129d5154c..fed6cba2a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@
 * Provide the ability to handle the status change of the `<EditableListForm>`. Refs STSMACOM-774.
 * Provide missing dependencies (`uuid`). Refs STSMACOM-776.
 * Do not reset advanced search filters if the advanced search option is already selected. Fixes STSMACOM-777.
+* *BREAKING* Handle access-control via cookies. Refs STSMACOM-714.
 
 ## [8.0.0](https://github.com/folio-org/stripes-smart-components/tree/v8.0.0) (2023-01-30)
 [Full Changelog](https://github.com/folio-org/stripes-smart-components/compare/v7.3.0...v8.0.0)
diff --git a/lib/CustomFields/utils/makeRequest.js b/lib/CustomFields/utils/makeRequest.js
index dfcf265f2..0b4e8fb1f 100644
--- a/lib/CustomFields/utils/makeRequest.js
+++ b/lib/CustomFields/utils/makeRequest.js
@@ -1,6 +1,5 @@
 export default okapi => moduleId => path => options => {
   const headers = {
-    'x-okapi-token': okapi.token,
     'x-okapi-tenant': okapi.tenant,
     'content-type': 'application/json',
     ...options.headers,
@@ -9,6 +8,8 @@ export default okapi => moduleId => path => options => {
   const okapiModuleId = moduleId ? { 'x-okapi-module-id': moduleId } : {};
 
   return fetch(`${okapi.url}/${path}`, {
+    credentials: 'include',
+    mode: 'cors',
     ...options,
     headers: {
       ...headers,

From 5bca9f71a08d832d7c54609facfb69fa376eee23 Mon Sep 17 00:00:00 2001
From: Zak Burke <zburke@ebsco.com>
Date: Sat, 7 Oct 2023 21:10:48 -0400
Subject: [PATCH 2/3] omit token in requests and props

---
 .../pages/EditCustomFieldsRecord/EditCustomFieldsRecord.js    | 1 -
 .../EditCustomFieldsSettings/EditCustomFieldsSettings.js      | 1 -
 .../pages/ViewCustomFieldsRecord/ViewCustomFieldsRecord.js    | 1 -
 .../ViewCustomFieldsSettings/ViewCustomFieldsSettings.js      | 1 -
 lib/CustomFields/utils/useCustomFieldsFetch.js                | 4 ++--
 lib/CustomFields/utils/useSectionTitleFetch.js                | 4 ++--
 6 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/CustomFields/pages/EditCustomFieldsRecord/EditCustomFieldsRecord.js b/lib/CustomFields/pages/EditCustomFieldsRecord/EditCustomFieldsRecord.js
index 515299364..89f076d57 100644
--- a/lib/CustomFields/pages/EditCustomFieldsRecord/EditCustomFieldsRecord.js
+++ b/lib/CustomFields/pages/EditCustomFieldsRecord/EditCustomFieldsRecord.js
@@ -74,7 +74,6 @@ const propTypes = {
   isReduxForm: PropTypes.bool,
   okapi: PropTypes.shape({
     tenant: PropTypes.string.isRequired,
-    token: PropTypes.string.isRequired,
     url: PropTypes.string.isRequired,
   }).isRequired,
   onToggle: PropTypes.func,
diff --git a/lib/CustomFields/pages/EditCustomFieldsSettings/EditCustomFieldsSettings.js b/lib/CustomFields/pages/EditCustomFieldsSettings/EditCustomFieldsSettings.js
index 224ff43cd..3c1fbe043 100644
--- a/lib/CustomFields/pages/EditCustomFieldsSettings/EditCustomFieldsSettings.js
+++ b/lib/CustomFields/pages/EditCustomFieldsSettings/EditCustomFieldsSettings.js
@@ -38,7 +38,6 @@ const propTypes = {
   intl: PropTypes.object,
   okapi: PropTypes.shape({
     tenant: PropTypes.string.isRequired,
-    token: PropTypes.string.isRequired,
     url: PropTypes.string.isRequired,
   }).isRequired,
   permissions: permissionsShape.isRequired,
diff --git a/lib/CustomFields/pages/ViewCustomFieldsRecord/ViewCustomFieldsRecord.js b/lib/CustomFields/pages/ViewCustomFieldsRecord/ViewCustomFieldsRecord.js
index a19eb0db0..cfd03d7c4 100644
--- a/lib/CustomFields/pages/ViewCustomFieldsRecord/ViewCustomFieldsRecord.js
+++ b/lib/CustomFields/pages/ViewCustomFieldsRecord/ViewCustomFieldsRecord.js
@@ -53,7 +53,6 @@ const propTypes = {
   noCustomFieldsFoundLabel: PropTypes.node,
   okapi: PropTypes.shape({
     tenant: PropTypes.string.isRequired,
-    token: PropTypes.string.isRequired,
     url: PropTypes.string.isRequired,
   }).isRequired,
   onToggle: PropTypes.func.isRequired,
diff --git a/lib/CustomFields/pages/ViewCustomFieldsSettings/ViewCustomFieldsSettings.js b/lib/CustomFields/pages/ViewCustomFieldsSettings/ViewCustomFieldsSettings.js
index 2204c2080..b1221bd7f 100644
--- a/lib/CustomFields/pages/ViewCustomFieldsSettings/ViewCustomFieldsSettings.js
+++ b/lib/CustomFields/pages/ViewCustomFieldsSettings/ViewCustomFieldsSettings.js
@@ -41,7 +41,6 @@ const propTypes = {
   entityType: PropTypes.string.isRequired,
   okapi: PropTypes.shape({
     tenant: PropTypes.string.isRequired,
-    token: PropTypes.string.isRequired,
     url: PropTypes.string.isRequired,
   }).isRequired,
   permissions: permissionsShape.isRequired,
diff --git a/lib/CustomFields/utils/useCustomFieldsFetch.js b/lib/CustomFields/utils/useCustomFieldsFetch.js
index f9c1ad183..56d00a939 100644
--- a/lib/CustomFields/utils/useCustomFieldsFetch.js
+++ b/lib/CustomFields/utils/useCustomFieldsFetch.js
@@ -11,8 +11,8 @@ const useCustomFieldsFetch = (okapi, backendModuleId, entityType) => {
   const [customFieldsFetchFailed, setCustomFieldsFetchFailed] = useState(false);
 
   const makeOkapiRequest = useCallback(
-    (url) => makeRequest({ token: okapi.token, tenant: okapi.tenant, url: okapi.url })(backendModuleId)(url),
-    [backendModuleId, okapi.token, okapi.tenant, okapi.url]
+    (url) => makeRequest({ tenant: okapi.tenant, url: okapi.url })(backendModuleId)(url),
+    [backendModuleId, okapi.tenant, okapi.url]
   );
 
   useEffect(() => {
diff --git a/lib/CustomFields/utils/useSectionTitleFetch.js b/lib/CustomFields/utils/useSectionTitleFetch.js
index 4b5b2b935..84623db9e 100644
--- a/lib/CustomFields/utils/useSectionTitleFetch.js
+++ b/lib/CustomFields/utils/useSectionTitleFetch.js
@@ -8,8 +8,8 @@ const useSectionTitleFetch = (okapi, moduleName) => {
   const [sectionTitleFetchFailed, setSectionTitleFetchFailed] = useState(false);
 
   const makeOkapiRequest = useCallback(
-    (url) => makeRequest({ token: okapi.token, tenant: okapi.tenant, url: okapi.url })()(url),
-    [okapi.token, okapi.tenant, okapi.url]
+    (url) => makeRequest({ tenant: okapi.tenant, url: okapi.url })()(url),
+    [okapi.tenant, okapi.url]
   );
 
   useEffect(() => {

From 72ebf87fca6c5ffe0600ccda0cc4bb313af45e6b Mon Sep 17 00:00:00 2001
From: Zak Burke <zburke@ebsco.com>
Date: Mon, 30 Oct 2023 16:13:03 -0400
Subject: [PATCH 3/3] be more backwards compatible when x-okapi-token is
 present

---
 lib/CustomFields/utils/makeRequest.js          | 1 +
 lib/CustomFields/utils/useCustomFieldsFetch.js | 4 ++--
 lib/CustomFields/utils/useSectionTitleFetch.js | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/CustomFields/utils/makeRequest.js b/lib/CustomFields/utils/makeRequest.js
index 0b4e8fb1f..8045e78b1 100644
--- a/lib/CustomFields/utils/makeRequest.js
+++ b/lib/CustomFields/utils/makeRequest.js
@@ -2,6 +2,7 @@ export default okapi => moduleId => path => options => {
   const headers = {
     'x-okapi-tenant': okapi.tenant,
     'content-type': 'application/json',
+    ...(okapi.token && { 'x-okapi-token': okapi.token }),
     ...options.headers,
   };
 
diff --git a/lib/CustomFields/utils/useCustomFieldsFetch.js b/lib/CustomFields/utils/useCustomFieldsFetch.js
index 56d00a939..f9c1ad183 100644
--- a/lib/CustomFields/utils/useCustomFieldsFetch.js
+++ b/lib/CustomFields/utils/useCustomFieldsFetch.js
@@ -11,8 +11,8 @@ const useCustomFieldsFetch = (okapi, backendModuleId, entityType) => {
   const [customFieldsFetchFailed, setCustomFieldsFetchFailed] = useState(false);
 
   const makeOkapiRequest = useCallback(
-    (url) => makeRequest({ tenant: okapi.tenant, url: okapi.url })(backendModuleId)(url),
-    [backendModuleId, okapi.tenant, okapi.url]
+    (url) => makeRequest({ token: okapi.token, tenant: okapi.tenant, url: okapi.url })(backendModuleId)(url),
+    [backendModuleId, okapi.token, okapi.tenant, okapi.url]
   );
 
   useEffect(() => {
diff --git a/lib/CustomFields/utils/useSectionTitleFetch.js b/lib/CustomFields/utils/useSectionTitleFetch.js
index 84623db9e..4b5b2b935 100644
--- a/lib/CustomFields/utils/useSectionTitleFetch.js
+++ b/lib/CustomFields/utils/useSectionTitleFetch.js
@@ -8,8 +8,8 @@ const useSectionTitleFetch = (okapi, moduleName) => {
   const [sectionTitleFetchFailed, setSectionTitleFetchFailed] = useState(false);
 
   const makeOkapiRequest = useCallback(
-    (url) => makeRequest({ tenant: okapi.tenant, url: okapi.url })()(url),
-    [okapi.tenant, okapi.url]
+    (url) => makeRequest({ token: okapi.token, tenant: okapi.tenant, url: okapi.url })()(url),
+    [okapi.token, okapi.tenant, okapi.url]
   );
 
   useEffect(() => {