
Authorization on endpoints while using the dev server


chris...@connexta.com

Jan 17, 2019, 12:40:23 PM
to ddf-developers
How is authorization added to our requests from the frontend? I’m trying to hit an endpoint that I added like so but always get a `403` forbidden back. None of the other places that `fetch` is used seem to add the authorization header. I’m running the dev server and I am logged in. Is it because I added the endpoint while bundle watching `catalog-ui-search`? My endpoint is defined in `QueryApplication`.

```javascript
fetch('/search/catalog/internal/cql/metacard/transforms')
    .then(response => response.json())
    .then(formats => this.setState({ formats }));
```

Garrett Freibott

Jan 17, 2019, 12:54:37 PM
to ddf-developers

The "Authorization" header itself is a cookie, so it's included automatically unless you're manually hitting the endpoint from something outside of a browser, like with Curl or Postman. The 403 is probably due to CSRF restrictions on things under /search/catalog/internal. Whenever CSRF rejects a request, it logs a cross-site check failure message in <ddf_home>/data/log/security.log that should say exactly what is missing or wrong from the request, so that would be a good place to check.

The required CSRF headers should be added automatically if you're importing and using the custom fetch client we have here https://github.com/codice/ddf/blob/master/ui/packages/catalog-ui-search/src/main/webapp/react-component/utils/fetch/fetch.tsx
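
Added example, not part of the original thread and not DDF's code: a sketch of why the plain `fetch` call above gets a 403 on a CSRF-protected path even though the session cookie is sent, while a wrapped client passes. The header name and value (`X-Requested-With: XMLHttpRequest`), the Origin comparison, the host `ddf.example`, the cookie value and all function names are assumptions for illustration; the actual requirements are whatever security.log reports.

```javascript
// Assumed anti-CSRF header; the headers DDF actually requires are not shown in the thread.
const CSRF_HEADER = 'x-requested-with';
const CSRF_VALUE = 'XMLHttpRequest';
const PROTECTED_PREFIX = '/search/catalog/internal'; // path named in the thread

// Client side: wrap any fetch-like function so every request carries the header.
// Caller-supplied options and headers are kept; the CSRF header is always applied last.
function withCsrfHeaders(fetchImpl) {
  return (url, { headers = {}, ...opts } = {}) =>
    fetchImpl(url, {
      credentials: 'same-origin', // the browser still sends the session cookie
      ...opts,
      headers: { ...headers, [CSRF_HEADER]: CSRF_VALUE },
    });
}

// Server side (hypothetical filter): returns the status and the reason it would log.
function csrfCheck({ path, headers }) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  if (!path.startsWith(PROTECTED_PREFIX)) return { status: 200, reason: 'unprotected path' };
  if (h[CSRF_HEADER] !== CSRF_VALUE) {
    return { status: 403, reason: `missing or wrong ${CSRF_HEADER} header` };
  }
  if (h.origin && h.origin !== `https://${h.host}`) {
    return { status: 403, reason: `origin ${h.origin} does not match host` };
  }
  return { status: 200, reason: 'ok' };
}

// Constructed stand-in for the network: a logged-in browser always sends the cookie.
// Synchronous for brevity; a real fetch returns a Promise.
function fakeServerFetch(url, opts = {}) {
  const browserHeaders = { host: 'ddf.example', cookie: 'JSESSIONID=constructed' };
  return csrfCheck({ path: url, headers: { ...browserHeaders, ...(opts.headers || {}) } });
}

const transformsUrl = PROTECTED_PREFIX + '/cql/metacard/transforms';
console.log(fakeServerFetch(transformsUrl));                  // cookie alone: status 403
console.log(withCsrfHeaders(fakeServerFetch)(transformsUrl)); // cookie + header: status 200
```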

chris...@connexta.com

Jan 17, 2019, 1:16:19 PM
to ddf-dev...@googlegroups.com
Yep this was my issue. Thanks Garrett