Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ingredient edition does refused from JS #9807

Closed
alexfauquette opened this issue Feb 18, 2024 · 4 comments
Closed

Ingredient edition does refused from JS #9807

alexfauquette opened this issue Feb 18, 2024 · 4 comments

Comments

@alexfauquette
Copy link
Member

What

When sending a request to edit an ingredient text, the request is refused. However the same request copy pasted in the browser succeed

Steps to reproduce the behavior

  1. Go to https://hunger.openfoodfacts.org/bugs
  2. Open network dev tools
  3. Click on "Test send" (it send the request to the test product 123456789)
  4. See the request returns "no code or invalid code"
  5. Copy past the request in an other tab
  6. It returns "fields saved"

Expected behavior

  • Both return "fields saved"
  • Bonus: if not connected the request without cookies does not update the field

Why

Screenshot/Mockup/Before-After

Part of

Additional context

Type of device

Number of products impacted

Time per product
@hangy
Copy link
Member

hangy commented Feb 18, 2024

It looks like Hunger Games/the browser isn't sending the user's cookies when executing the POST request. Calling the API manually also doesn't work if you're not signed in with an OFF account.

The browser is sending a pretty weird request from the /bug URL, IMHO:

{"withCredentials":true}

I don't think the old product_jqm2.pl API expects a JSON object here. To include credentials, fetch should be called with

{
  credentials: 'include'
}

or

{
  credentials: 'same-origin'
}

in the options parameter.

I think #525 could be better with APIv3, and the old APIs probably won't be changed that drastically for backwards compatibility.

@hangy
Copy link
Member

hangy commented Feb 18, 2024

https://github.com/openfoodfacts/hunger-games/blob/c36df59b2114cbf6b68d8e29f274023c087bbd4a/src/pages/bug/index.tsx#L27-L36

withCredentials is POSTed as the body, but should be an option. Since you're POSTing anyways, maybe remove the data from the URI, and pass it as formData like here?

https://github.com/openfoodfacts/hunger-games/blob/c36df59b2114cbf6b68d8e29f274023c087bbd4a/src/pages/packaging/index.tsx#L201-L204

@alexfauquette
Copy link
Member Author

Thanks for the debug. I may have gone lost wen trying get/post/patch and other to make it works 😅

Effectively, it works better with the formData on the new API. I still need to fix some error. I will close the issue when done 👍

@alexfauquette
Copy link
Member Author

Thanks for the help, it's working now 👍 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hangy @alexfauquette