fix: enable XHR credential in resync request

After session expiration, Flow client in webcomponent mode send a GET request to the server to re-initialize itself with a valid session cookie. However, the XHR call is done with the withCredentials flag set to false, making the browser ignore the Set-Cookie header in the response. This change forces the withCredential flag to true for resync request so that the new cookie can be handled by the browser and reused in the subsequent request that re-intitializes the embedded component. Fixes #19620
vaadin · Nov 4, 2024 · 4654363 · 4654363
1 parent b08a094
commit 4654363
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/flow-client/src/main/java/com/vaadin/client/SystemErrorHandler.java b/flow-client/src/main/java/com/vaadin/client/SystemErrorHandler.java
@@ -155,7 +155,7 @@ private void resynchronizeSession() {
                 ApplicationConstants.REQUEST_TYPE_PARAMETER,
                 ApplicationConstants.REQUEST_TYPE_WEBCOMPONENT_RESYNC);
 
-        Xhr.get(sessionResyncUri, new Xhr.Callback() {
+        Xhr.getWithCredentials(sessionResyncUri, new Xhr.Callback() {
             @Override
             public void onFail(XMLHttpRequest xhr, Exception exception) {
                 handleError(exception);

diff --git a/flow-client/src/main/java/com/vaadin/client/gwt/elemental/js/util/Xhr.java b/flow-client/src/main/java/com/vaadin/client/gwt/elemental/js/util/Xhr.java
@@ -18,6 +18,7 @@
 import com.google.gwt.core.client.JavaScriptException;
 import com.google.gwt.xhr.client.ReadyStateChangeHandler;
 import com.google.gwt.xhr.client.XMLHttpRequest;
+
 import com.vaadin.client.Console;
 
 import elemental.client.Browser;
@@ -90,6 +91,23 @@ public static XMLHttpRequest get(String url, Callback callback) {
         return request(create(), "GET", url, callback);
     }
 
+    /**
+     * Send a GET request to the <code>url</code> including credentials in XHR,
+     * and dispatch updates to the <code>callback</code>.
+     *
+     * @param url
+     *            the URL
+     * @param callback
+     *            the callback to be notified
+     * @return a reference to the sent XmlHttpRequest
+     */
+    public static XMLHttpRequest getWithCredentials(String url,
+            Callback callback) {
+        XMLHttpRequest request = create();
+        request.setWithCredentials(true);
+        return request(request, "GET", url, callback);
+    }
+
     /**
      * Send a GET request to the <code>url</code> and dispatch updates to the
      * <code>callback</code>.