In the API, cockpit instructs to use token in every fetch. as such :
fetch('/api/cockpit/authUser?token=xxtokenxx', {
method: 'post',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
and
fetch('/api/collections/get/posts?token=xxtokenxx') .then(res=>res.json()) .then(res => console.log(res));
I wonder if there is a way to declare the token once and for all instead of copying it in all actions.
Cockpit needs to verify that your request is legal and valid so you won’t come around sending the token along each time you request data.
The only option to achieve your goal would be to write an addon that stores request authorization and their ACLs into some kind of server-side session that is bound by the requester IP; but lately this concept won’t make any sense at all (because every now and then the token would have to expire which would require you to resend it to cockpit in order to re-auth your self. But for you never know when this will happen you would either have to write complicted auth token stuff (which I admit is relatively easy possible with laravel) or you would need to send the token along anyway. Both options are not really what sounds that nice to me.
Besides this would torn a security vulnerability into your cockpit instance)
So just try to not make it more complicated as it needs to be - just put your API key into a variable that can easily be sent along with the request.
Of course you can also define some default post data structure that is only extended with some dedicated request stuff and then send this sweet extended package along with the request.
If you would like to do so see how you extend objects in the language you chose for implementing your app that uses cockpit.
1 Like