Use credentialed requests for password updates (#200)

Swap `apiClient.put` for `makeCredentialHTTPRequest` in `auth.changePassword` and `auth.resetPassword`. This should allow those client methods to work even when the client and the API are not on the same origin eg. when using the staging API.
zooniverse · Feb 22, 2023 · 6e8b452 · 6e8b452
1 parent e0dc79d
commit 6e8b452
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/lib/auth.js b/lib/auth.js
@@ -254,7 +254,8 @@ const authClient = new Model({
             },
           };
 
-          return apiClient.put('/../users', data, config.jsonHeaders)
+          const url = config.host + '/users';
+          return makeCredentialHTTPRequest('PUT', url, data, config.jsonHeaders)
             .then(function() {
               // Resetting the password changes the underlying cookie session data
               // need to sign out and back in to refresh
@@ -297,7 +298,8 @@ const authClient = new Model({
         },
       };
 
-      return apiClient.put('/../users/password', data, config.jsonHeaders);
+      const url = config.host + '/users/password';
+      return makeCredentialHTTPRequest('PUT', url, data, config.jsonHeaders);
     }.bind(this));
   },