ahmido
1fec9c6f9d
Some checks failed
Main Confidence / confidence (push) Failing after 45s
## Summary - introduce surface-aware compressed governance outcomes and reuse the shared truth/explanation seams for operator-first summaries - apply the compressed outcome hierarchy across baseline, evidence, review, review-pack, canonical review/evidence, and artifact-oriented operation-run surfaces - expand spec 214 fixtures and Pest coverage, and fix tenant-panel route assertions by generating explicit tenant-panel URLs in the affected Filament tests ## Validation - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - focused governance compression suite from `specs/214-governance-outcome-compression/quickstart.md` passed (`68` tests, `445` assertions) - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/InventoryItemResourceTest.php tests/Feature/Filament/BackupSetUiEnforcementTest.php tests/Feature/Filament/RestoreRunUiEnforcementTest.php` passed (`18` tests, `81` assertions) Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #253
71 lines
2.2 KiB
Plaintext
71 lines
2.2 KiB
Plaintext
import platform from '../platform/index.js';
|
|
import utils from '../utils.js';
|
|
import isURLSameOrigin from './isURLSameOrigin.js';
|
|
import cookies from './cookies.js';
|
|
import buildFullPath from '../core/buildFullPath.js';
|
|
import mergeConfig from '../core/mergeConfig.js';
|
|
import AxiosHeaders from '../core/AxiosHeaders.js';
|
|
import buildURL from './buildURL.js';
|
|
|
|
export default (config) => {
|
|
const newConfig = mergeConfig({}, config);
|
|
|
|
let { data, withXSRFToken, xsrfHeaderName, xsrfCookieName, headers, auth } = newConfig;
|
|
|
|
newConfig.headers = headers = AxiosHeaders.from(headers);
|
|
|
|
newConfig.url = buildURL(
|
|
buildFullPath(newConfig.baseURL, newConfig.url, newConfig.allowAbsoluteUrls),
|
|
config.params,
|
|
config.paramsSerializer
|
|
);
|
|
|
|
// HTTP basic authentication
|
|
if (auth) {
|
|
headers.set(
|
|
'Authorization',
|
|
'Basic ' +
|
|
btoa(
|
|
(auth.username || '') +
|
|
':' +
|
|
(auth.password ? unescape(encodeURIComponent(auth.password)) : '')
|
|
)
|
|
);
|
|
}
|
|
|
|
if (utils.isFormData(data)) {
|
|
if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
|
|
headers.setContentType(undefined); // browser handles it
|
|
} else if (utils.isFunction(data.getHeaders)) {
|
|
// Node.js FormData (like form-data package)
|
|
const formHeaders = data.getHeaders();
|
|
// Only set safe headers to avoid overwriting security headers
|
|
const allowedHeaders = ['content-type', 'content-length'];
|
|
Object.entries(formHeaders).forEach(([key, val]) => {
|
|
if (allowedHeaders.includes(key.toLowerCase())) {
|
|
headers.set(key, val);
|
|
}
|
|
});
|
|
}
|
|
}
|
|
|
|
// Add xsrf header
|
|
// This is only done if running in a standard browser environment.
|
|
// Specifically not if we're in a web worker, or react-native.
|
|
|
|
if (platform.hasStandardBrowserEnv) {
|
|
withXSRFToken && utils.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(newConfig));
|
|
|
|
if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))) {
|
|
// Add xsrf header
|
|
const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName);
|
|
|
|
if (xsrfValue) {
|
|
headers.set(xsrfHeaderName, xsrfValue);
|
|
}
|
|
}
|
|
}
|
|
|
|
return newConfig;
|
|
};
|