-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support referrerPolicy option for transformRequest function when using fetch #12590
Support referrerPolicy option for transformRequest function when using fetch #12590
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense to me and looks like a good addition. We probably can tolerate not having tests for this as this is basically a pass-through to the Fetch API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before we merge, can you also add a doc string above so that it will be reflected in the docs? And add a <changelog>...<changelog>
line to the PR description so that it gets picked up by our changelog drafting tool.
Thanks for the feedback, updated! |
4595855
to
c8fb3c9
Compare
c8fb3c9
to
58cf325
Compare
Hi folks,
we recently had to change the referrer policy on our website to
same-origin
for security reasons. As a result, we are not able to use Mapbox anymore -- the change of policy caused some Mapbox APIs return 403 Forbidden, as the API requires Referer header to be set on requests in order to identify clients, which isn't allowed by our new policy. (see more at https://docs.mapbox.com/accounts/guides/tokens/#requirements-and-limitations)We cannot relax the referrer policy globally (e.g. to
strict-origin-when-cross-origin
), but we can relax it for the specific requests to Mapbox. The solution is to use referrerPolicy option on fetch.This PR adds support for overriding referrer policy by returning it from transformRequest callback function on Map.
Note that this feature only works in browsers that support Fetch API and Request interface.
Related issues:
#10309
#12568
I'd be happy to add some tests but it seems that the underlying testing environment (sinon) doesn't support fetch/Request and the tests use XMLHttpRequest, which doesn't support referrer policy overrides. I tested this manually in the sandbox and also on our website by modifying
mapbox-gl-js
source code in installed node_modules and it works as intended.Launch Checklist
mapbox-gl-js
changelog:<changelog>Support referrerPolicy option for transformRequest function when using fetch</changelog>