Search code examples
angularjsrestangular

How to change one route's Http field "withCredentials" to FALSE


As part of a new registration form I am building right now, I need to pull a list of all available "Institutions" I have available at the time so that the user can tell me which one that they are registering for.

In the backend policies, I have set the controller action to be public:

InstitutionController: {
     // Some other policies I edited out
    'all': true
},

The controller is your standard "get all of objects" controller action.

all: function (req, res) {
    Institution
        .find()
        .exec(function (err, institutions) {
            if (err) { return res.json(err.status, err); }
            return res.json(institutions);
        });
},

So on the AngularJS frontend, I should be able to use Institutions.all() in my controller even before the user is logged in. This would be the case, however on the backend passport is trying to serialize and deserialize the (non-existent) user before it will perform this method.

Therefore, I get this error over at the API console:

error: Server Error:
error: Error: Failed to deserialize user out of session
at pass (/home/zacharyhustles/texasca-API/node_modules/passport/lib/authenticator.js:340:19)
at deserialized (/home/zacharyhustles/texasca-API/node_modules/passport/lib/authenticator.js:345:7)
at bound (/home/zacharyhustles/texasca-API/node_modules/lodash/dist/lodash.js:957:21)
.......

How might I avoid passport serializing and deserializing the user when I try to perform this controller method InstitutionController.all()?

UPDATE

The problem is that this request is sending withCredentials: true because my default setting for HTTP fields with restangular is set to true in my application's app.js file:

app.js

RestangularProvider.setDefaultHttpFields({ withCredentials: true });

If I set that to "false" the problem is solved. However, I do want most requests to the server to be sent "withCredentials" so I need a way to make an exception for this one request. As you can see, I am using Restangular in my application, so hopefully I can do this the Restangular way. Does anyone know how to do this?

Best, Zach


Solution

  • I figured it out.

    Restangular has added a way to set custom http fields per request. I have manually set withCredentials : false just for this one request. My modified backend call looks like this now:

    return Restangular.all('institutions')
         .withHttpConfig({ withCredentials: false}).getList();
    

    Before it was.

    return Restangular.all('institutions').getList();