Enable custom headers inside ContentResolver resolveContent

[Shelco]

Hi!

Since the content delivery api backend supports cookie authentication (https://world.optimizely.com/documentation/developer-guides/content-delivery-api/getting-started/authorization-service/) I was thinking it might be nice to include the possibility to add a cookie header via the frontend repository.

I noticed that apiClient.ts accepts optional headers in the get-method, so what if the resolveContent method inside contentResolver.ts could be changed to include optional headers that are sent in to #api? Or maybe the ContentDeliveryConfig could be modified to include getHeaders() (like getAccessToken) and used in the call to #api.get?

(I suppose this applies to contentLoader as well)

What do you think?

[JohanPetersson]

Hi,
Do you want to be able to include a specific cookie value? Cookies are already sent automatically with each request because of this setting https://github.com/episerver/content-delivery-js-sdk/blob/master/src/%40episerver/content-delivery/src/apiClient.ts#L117 (https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials).

[Shelco]

Hi, and thanks for replying so quickly!
You´re right, setting credentials: 'include' does indeed include the cookie header when called from the client. However, I´m making the resolveContent-request from an SSR app (nextjs) and unfortunately the cookie header is not included with credentials set to include. From what I can tell it needs to be set manually by passing the cookie header to the fetch call.

I guess we could create our own resolver inheriting ContentResolver and override resolveContent, but it felt a bit messy copy pasting the entire method. What would you recommend? Is the SDK only meant for client use?

[JohanPetersson]

Got it, and there is no setting in the SSR library that does this automatically? Using cookies when making backend calls seems a bit inconvenient, but if there is no other way of achieving this I guess we need to add a method for this.

The SDK is meant for Node and client-side. But in Node I would imagine one would use JWT/bearer token for authentication.

[Shelco]

I´m afraid there doesn´t seem to be a setting that includes cookies automatically with next.js and a server side fetch call. Fetch needs to add the cookie header manually like this to add the cookies:
headers: { Cookie: 'thecookie' }

Regarding JWT we did a prototype using that, but it felt unneccesarily complicated setting up OpenIdDict, getting a token and keeping a corresponding session on the NextJs server, when we should be fine just passing the cookie if hosting on the same domain.

[Shelco]

So just to clarify, is this something I could create a pull request for?

[JohanPetersson]

We do accept pull requests. Exposing a function for getHeaders() in the config seems reasonable to add. Sorry for the late reply.