X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=client%2Fsrc%2Futils%2Fajax.js;h=eb30330a7b7bb9a77ff1932819bd45af4777c129;hb=c97830ea3ee97c6c408c62dab6c59da46cfd03d5;hp=46edca06b953068ebeb4391730207db51d9014e9;hpb=03470390eba8fd75b6aa5d929140d16a4aa719b9;p=vchess.git

diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js
index 46edca06..eb30330a 100644
--- a/client/src/utils/ajax.js
+++ b/client/src/utils/ajax.js
@@ -1,5 +1,9 @@
 import params from "../parameters"; //for server URL
 
+// TODO: replace by fetch API ?
+// https://www.sitepoint.com/xmlhttprequest-vs-the-fetch-api-whats-best-for-ajax-in-2019/
+// Problem: fetch() does not set req.xhr... see access/ajax() security especially for /whoami
+
 // From JSON (encoded string values!) to "arg1=...&arg2=..."
 function toQueryString(data)
 {
@@ -14,28 +18,35 @@ function toQueryString(data)
 export function ajax(url, method, data, success, error)
 {
 	let xhr = new XMLHttpRequest();
-	if (typeof(data) === "function") //no data
+	if (data === undefined || typeof(data) === "function") //no data
 	{
 		error = success;
 		success = data;
 		data = {};
 	}
+  if (!success)
+    success = () => {}; //by default, do nothing
 	if (!error)
 		error = errmsg => { alert(errmsg); };
-
 	xhr.onreadystatechange = function() {
 		if (this.readyState == 4 && this.status == 200)
 		{
+      let res_json = "";
 			try {
-				let res_json = JSON.parse(xhr.responseText);
-				if (!res_json.errmsg)
-					success(res_json);
-				else
-					error(res_json.errmsg);
-			} catch (e) {
+				res_json = JSON.parse(xhr.responseText);
+      } catch (e) {
 				// Plain text (e.g. for rules retrieval)
-				success(xhr.responseText);
-			}
+				return success(xhr.responseText);
+      }
+      if (!res_json.errmsg && !res_json.errno)
+        success(res_json);
+			else
+      {
+        if (!!res_json.errmsg)
+				  error(res_json.errmsg);
+        else
+          error(res_json.code + ". errno = " + res_json.errno);
+      }
 		}
 	};
 
@@ -46,7 +57,10 @@ export function ajax(url, method, data, success, error)
 	}
 	xhr.open(method, params.serverUrl + url, true);
 	xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest");
-	if (["POST","PUT"].includes(method))
+	// Next line to allow cross-domain cookies in dev mode (TODO: if...)
+  if (params.cors)
+    xhr.withCredentials = true;
+  if (["POST","PUT"].includes(method))
 	{
 		xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
 		xhr.send(JSON.stringify(data));