added disable_cookies as default for api actions #535
Conversation
There was a problem hiding this comment.
I'm not sure about this one. It would make sense if you have an API only app where let's say the client is a mobile app or something, right? You wouldn't need cookies or sessions or anything because that's all handled on the mobile app side. But what if you have a full lucky app where your front-end is basically a react app, and it calls back to an API for everything? I'm thinking in that case you would want access to cookies and sessions. Though, I guess some people might build their react app using say CRA, and have the API separate which then goes back to the first example....
I'm wondering which is the more common use case here 🤔 I guess it is easier to remove this line than to dig through docs figuring out how to add it... so maybe this is good. 😅 I'll defer to Paul for this
| @@ -1,5 +1,6 @@ | |||
| # Include modules and add methods that are for all API requests | |||
| abstract class ApiAction < Lucky::Action | |||
| disable_cookies | |||
There was a problem hiding this comment.
Can we add a little comment on what this is removing? It removes sessions too, doesn't it?
There was a problem hiding this comment.
Added comment @jwoertink - feel free to change it to something better :)
There was a problem hiding this comment.
Thanks for catching this and adding it. It makes sense to disable cookies by default IMO! Is this right that "Cookie header will still be sent"? I thought the header wouldn't be sent if cookies are disabled?
There was a problem hiding this comment.
@paulcsmith you are right. I must have been confused of the request headers. I changed the comment now.
Feel free to merge it if it looks good :)
|
@jwoertink Now API action's current user is using JWT as default and should not need cookies and sessions. If they want to use API action with cookies and sessions they would need to use the module as in the Browser action anyway. Like in API Action we include: But in browser action we include: I can add comments for it though to know why it is there and can be removed if they want to use session and cookies (they would need to change |
|
Ah, that makes sense. 👍 |
Added disable cookies as default for API actions