Simple auth data-adapter-mixin does not set headers with Ember 3.13 and no jQuery

[kredde]

I updated Ember to 3.13 (including ember-data, using ember-cli-update) and disabled the jQuery integration. In the Adapter I was using the authorize function to set the token, like this:

 authorize(xhr) {
    const { access_token } = get(this, 'session.data.authenticated');
    xhr.setRequestHeader('Authorization', `Bearer ${access_token}`);
  },

Since this function is no longer called when using ember-fetch, I replaced it with the headers computed property, as mentioned in the DOC.

headers: computed('session.data.authenticated.access_token', {
    get() {
      const headers = {};

      if (this.session.isAuthenticated) {
        headers['Authorization'] = `Bearer ${this.session.data.authenticated.access_token}`;
      }

      return headers;
    }
  })

When the user is logged in the headers are set correctly. But if I logout in another tab and refresh the old tab into which I was logged in, the request is sent without headers. Even the origin header is omitted and therefore the request is blocked by the browser (CORS) since we have Access-Control set up.

I have also tried to overwrite the ajaxOptions to set the headers and set the fetch credentials property to include to allow CORS request, but it didn't work either.

[adambedford]

I'm running into this exact issue too. I'm not even sure it's the fault of ember-simple-auth... Effectively we can't get a new app deployed since we're not able to set the Access-Control-Allow-Origin header added to the unauthenticated requests.

[marcoow]

Closing this as all mixins are deprecated now – see #2198