Merge pull request #16956 from overleaf/jpa-anon-access-token

[web] read anonymous access token header from joinProject endpoint only GitOrigin-RevId: 4f8f60c23dc93cc2b02a429bd5492d8a931ae284
2026-05-25 02:00:10 +02:00 · 2024-02-07 08:59:32 +00:00
parent 67ed54151a
commit acfa2d781f
2 changed files with 4 additions and 6 deletions
--- a/services/web/app/src/Features/Editor/EditorHttpController.js
+++ b/services/web/app/src/Features/Editor/EditorHttpController.js
@@ -8,7 +8,6 @@ const CollaboratorsGetter = require('../Collaborators/CollaboratorsGetter')
 const CollaboratorsInviteHandler = require('../Collaborators/CollaboratorsInviteHandler')
 const CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler')
 const PrivilegeLevels = require('../Authorization/PrivilegeLevels')
-const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler')
 const SessionManager = require('../Authentication/SessionManager')
 const Errors = require('../Errors/Errors')
 const DocstoreManager = require('../Docstore/DocstoreManager')
@@ -178,7 +177,7 @@ async function _buildJoinProjectView(req, projectId, userId) {
    await CollaboratorsGetter.promises.getInvitedMembersWithPrivilegeLevels(
      projectId
    )
-  const token = TokenAccessHandler.getRequestToken(req, projectId)
+  const token = req.headers['x-sl-anonymous-access-token']
  const privilegeLevel =
    await AuthorizationManager.promises.getPrivilegeLevelForProject(
      userId,
--- a/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
+++ b/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
@@ -213,10 +213,9 @@ const TokenAccessHandler = {

  getRequestToken(req, projectId) {
    const token =
-      (req.session &&
-        req.session.anonTokenAccess &&
-        req.session.anonTokenAccess[projectId.toString()]) ||
-      req.headers['x-sl-anonymous-access-token']
+      req.session &&
+      req.session.anonTokenAccess &&
+      req.session.anonTokenAccess[projectId.toString()]
    return token
  },