X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=client%2Fsrc%2Futils%2Fajax.js;h=86925b03765006dae3eaeeb36bc388f61b884efb;hp=46edca06b953068ebeb4391730207db51d9014e9;hb=4f298adbee00942323fc7ec517117552aeb5a08a;hpb=03470390eba8fd75b6aa5d929140d16a4aa719b9

diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js
index 46edca06..86925b03 100644
--- a/client/src/utils/ajax.js
+++ b/client/src/utils/ajax.js
@@ -1,56 +1,70 @@
 import params from "../parameters"; //for server URL
 
+// TODO: replace by fetch API ?
+// https://www.sitepoint.com/xmlhttprequest-vs-the-fetch-api-whats-best-for-ajax-in-2019/
+// Problem: fetch() does not set req.xhr... see access/ajax() security especially for /whoami
+
 // From JSON (encoded string values!) to "arg1=...&arg2=..."
 function toQueryString(data)
 {
-	let data_str = "";
-	Object.keys(data).forEach(k => {
-		data_str += k + "=" + encodeURIComponent(data[k]) + "&";
-	});
-	return data_str.slice(0, -1); //remove last "&"
+  let data_str = "";
+  Object.keys(data).forEach(k => {
+    data_str += k + "=" + encodeURIComponent(data[k]) + "&";
+  });
+  return data_str.slice(0, -1); //remove last "&"
 }
 
 // data, error: optional
 export function ajax(url, method, data, success, error)
 {
-	let xhr = new XMLHttpRequest();
-	if (typeof(data) === "function") //no data
-	{
-		error = success;
-		success = data;
-		data = {};
-	}
-	if (!error)
-		error = errmsg => { alert(errmsg); };
-
-	xhr.onreadystatechange = function() {
-		if (this.readyState == 4 && this.status == 200)
-		{
-			try {
-				let res_json = JSON.parse(xhr.responseText);
-				if (!res_json.errmsg)
-					success(res_json);
-				else
-					error(res_json.errmsg);
-			} catch (e) {
-				// Plain text (e.g. for rules retrieval)
-				success(xhr.responseText);
-			}
-		}
-	};
+  let xhr = new XMLHttpRequest();
+  if (data === undefined || typeof(data) === "function") //no data
+  {
+    error = success;
+    success = data;
+    data = {};
+  }
+  if (!success)
+    success = () => {}; //by default, do nothing
+  if (!error)
+    error = errmsg => { alert(errmsg); };
+  xhr.onreadystatechange = function() {
+    if (this.readyState == 4 && this.status == 200)
+    {
+      let res_json = "";
+      try {
+        res_json = JSON.parse(xhr.responseText);
+      } catch (e) {
+        // Plain text (e.g. for rules retrieval)
+        return success(xhr.responseText);
+      }
+      if (!res_json.errmsg && !res_json.errno)
+        success(res_json);
+      else
+      {
+        if (!!res_json.errmsg)
+          error(res_json.errmsg);
+        else
+          error(res_json.code + ". errno = " + res_json.errno);
+      }
+    }
+  };
 
-	if (["GET","DELETE"].includes(method) && !!data)
-	{
-		// Append query params to URL
-		url += "/?" + toQueryString(data);
-	}
-	xhr.open(method, params.serverUrl + url, true);
-	xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest");
-	if (["POST","PUT"].includes(method))
-	{
-		xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
-		xhr.send(JSON.stringify(data));
-	}
-	else
-		xhr.send();
+  if (["GET","DELETE"].includes(method) && !!data)
+  {
+    // Append query params to URL
+    url += "/?" + toQueryString(data);
+  }
+  xhr.open(method, params.serverUrl + url, true);
+  xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest");
+  // Next line to allow cross-domain cookies in dev mode
+  if (params.cors)
+    xhr.withCredentials = true;
+  if (["POST","PUT"].includes(method))
+  {
+    xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
+    xhr.send(JSON.stringify(data));
+  }
+  else
+    xhr.send();
 }