fix: add X-CSRF-Token header to handle other versions of gitlab

it's good that I'm able to test on other environments too (this was needed on self-hosted GitLab Community edition)
jdalrymple · Sep 30, 2020 · 53bdc4e · 53bdc4e
1 parent 85078b3
commit 53bdc4e
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/packages/gitbeaker-requester-utils/src/BaseService.ts b/packages/gitbeaker-requester-utils/src/BaseService.ts
@@ -85,8 +85,20 @@ export class BaseService {
         gitlabCSRFTokenValue,
       } = nativeAuth;
 
+      /**
+       *
+       * step 1 - handle CSRF
+       *
+       * some gitlab instances need the CSRF token to be added via the body,
+       * and some need the `X-CSRF-Token` header. We handle both.
+       */
       this.additionalBody = { ...this.additionalBody, [gitlabCSRFTokenKey]: gitlabCSRFTokenValue };
 
+      this.headers['X-CSRF-Token'] = gitlabCSRFTokenValue;
+
+      /**
+       * step 2 - handle the session cookie
+       */
       if (!this.headers.cookie) {
         this.headers.cookie = 'cookie: ';
       }