Support Headers objects.

RubenVerborgh · RubenVerborgh · commit e53b509cabc6 · 2019-11-01T22:25:58.000+01:00
Fixes #141
diff --git a/src/__test__/solid-auth-client.spec.js b/src/__test__/solid-auth-client.spec.js
@@ -586,7 +586,7 @@ describe('fetch', () => {
     expect(resp.status).toBe(200)
   })
 
-  it('merges request headers with the authorization header', async () => {
+  it('merges an object of request headers with the authorization header', async () => {
     await saveSession(window.localStorage)(fakeSession)
 
     nock('https://third-party.com')
@@ -606,6 +606,28 @@ describe('fetch', () => {
     expect(resp.status).toBe(200)
   })
 
+  it('merges a Header object with the authorization header', async () => {
+    await saveSession(window.localStorage)(fakeSession)
+
+    nock('https://third-party.com')
+      .get('/private-resource')
+      .reply(401, '', { 'www-authenticate': 'Bearer scope="openid webid"' })
+      .get('/private-resource')
+      .matchHeader('accept', 'text/plain')
+      .matchHeader('authorization', matchAuthzHeader('https://third-party.com'))
+      .reply(200)
+
+    const resp = await instance.fetch(
+      'https://third-party.com/private-resource',
+      {
+        headers: {
+          entries: () => [['accept', 'text/plain']]
+        }
+      }
+    )
+    expect(resp.status).toBe(200)
+  })
+
   it('does not resend with credentials if the www-authenticate header is missing', async () => {
     expect.assertions(1)
     await saveSession(window.localStorage)(fakeSession)
diff --git a/src/webid-oidc.js b/src/webid-oidc.js
@@ -219,14 +219,20 @@ export async function fetchWithCredentials(
   input: RequestInfo,
   options?: RequestOptions
 ): Promise<Response> {
-  const popToken = await PoPToken.issueFor(toUrlString(input), session)
-  const authenticatedOptions = {
-    ...options,
-    credentials: 'include',
-    headers: {
-      ...(options && options.headers ? options.headers : {}),
-      authorization: `Bearer ${popToken}`
+  // Create a copy of the headers
+  const headers = {}
+  if (options && options.headers) {
+    const entries =
+      typeof options.headers.entries === 'function'
+        ? options.headers.entries()
+        : Object.entries(options.headers)
+    for (const [name, value] of entries) {
+      headers[name] = value
     }
   }
-  return fetch(input, authenticatedOptions)
+
+  // Add Authorization header
+  const popToken = await PoPToken.issueFor(toUrlString(input), session)
+  headers.authorization = `Bearer ${popToken}`
+  return fetch(input, { ...options, credentials: 'include', headers })
 }
