fix: platformSelf to send cookies and append f=json in url

[dbouwman]

Update the recently added platformSelf function to send cookies as well as ?f=json in the url.

The latter should be a short-term fix as the API should not require it, but currently it will 405 on the OPTIONS pre-flight if that's no in the url as shown

[codecov]

Codecov Report

Merging #778 (da5a207) into master (2d36c52) will not change coverage.
The diff coverage is 100.00%.

@@            Coverage Diff            @@
##            master      #778   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          120       120           
  Lines         1915      1915           
  Branches       325       325           
=========================================
  Hits          1915      1915           

Impacted Files	Coverage Δ
packages/arcgis-rest-auth/src/app-tokens.ts	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2d36c52...ed81919. Read the comment docs.

[noahmulfinger]

@dbouwman @tomwayson Is this setup working for you? request doesn't pass through the credentials property as far as I can tell.

[tomwayson]

good catch @noahmulfinger. I didn't try it, myself.

Looks like he's right @dbouwman:

arcgis-rest-js/packages/arcgis-rest-request/src/request.ts

Line 257 in b978605

credentials: "same-origin"

[dbouwman]

Thanks @noahmulfinger - the issue is that it's pretty difficult to setup to actually test this fn. I was able to verify that the api works using fetch devtools in a tab on a page where the esri_aopc cookie is set, but I have not created an actual test app using rest-js yet. I'll have to puzzle this a bit... I think we can use the credential value if passed... but I need to verify with the API team how/if/?? should happen in IWA scenarios with this particular function.

[tomwayson]

@dbouwman @noahmulfinger I wonder if we can use the existence of headers that start w/ "X-Esri-Auth-" as the signal to request() that it should set credentials: "include"?

Rather than introduce any new properties on IRequestOptions.

[noahmulfinger]

That seems reasonable. Another option would be adding a fetchOptions param or something similar. That way we could allow extra overrides for any future edge cases like this.