@snap/camera-kit
Version:
Camera Kit Web
49 lines • 2.71 kB
TypeScript
import type { ChainableHandler } from "./HandlerChainBuilder";
/**
* Some requests may require a no-cors pre-flight (which are allowed to follow redirects) before they can be
* successful.
*
* An example is a federated identity authentication flow, like OpenID Connect or OAuth. In many such schemes,
* an unauthenticated request will not include CORs headers. Instead, a redirect to an Identity Provider will be
* returned. In order follow this redirect, the Fetch request must be made with "no-cors" mode.
*
* Once the "no-cors" request is made, redirects are followed resulting in authentication cookies being set on the
* original domain. Then, the original request can be retried and the server will authenticate the request and set
* proper CORs headers on the response.
*
* Here's an example request flow, in which the page already has cookies for IdentityProvider.com (if that wasn't
* the case, IdentityProvider.com would prompt the user for credentials and the rest of the flow would be the same):
*
* ```
* WebPage a.com MyServer b.com IdentityProvider c.com
* | | |
* Original request, | |
* unauthenticated: | |
* |------------------------>| |
* |<--302: c.com, no CORs---| |
* | | |
* | | |
* No CORs headers in | |
* response. Retry in | |
* "no-cors" mode: | |
* |-----"no-cors" mode----->| |
* |<--302: c.com, no CORs---| |
* | | |
* | | |
* |------------------IdP cookies------------->|
* |<----------302: b.com?token=foo------------|
* | |
* | | |
* |----b.com?token=foo----->| |
* |<-302: b.com, set cookie-| |
* | | |
* | | |
* Retry original request, | |
* now authenticated: | |
* |-----------cookie------->| |
* |<-----------200----------| |
* | |
* ```
*/
export declare const createNoCorsRetryingFetchHandler: <Res>() => ChainableHandler<RequestInfo, Res, RequestInfo, Res, RequestInit | undefined>;
//# sourceMappingURL=noCorsRetryingFetchHandler.d.ts.map