Migrate Axios Captcha Interceptor to be globally registered and using headers as well [RUN ALL RSPEC] [RUN AS-IF-FOSS]
What does this MR do?
With !53941 (merged) we introduced an axios interceptor to handle Captchas in case potential SPAM is detected: !53941 (merged) Currently it still manipulates the data when retrying the request and needs to be registered locally.
With !56879 (merged) we created a global "interceptor" for a similar kind of Captcha handling for GraphQL requests. It is globally registered and uses headers instead of manipulating the data.
That Apollo based interceptor/link was then used to create a new spam protection concern, to be usable in GraphQL mutations: !56190 (merged)
Thus, this MR refactor the axios interceptor to:
- be registered globally, like the
apolloCaptchaLink
(1) - use headers as well, like the
apolloCaptchaLink
(2) - Be easily included in the frontend with simply a single import statement, like the
apolloCaptchaLink
(3) (this was already the case)
See also the documentation for Axios interceptors:
This MR also includes removal of logic around issue update passing spam params (captcha response and spam log ID) as params, since it will now automatically pass them as headers. The only remaining legacy usage of passing them via params is in issue create.
Screenshots (strongly suggested)
No screenshots, it's just normal CAPTCHA behavior, but see the testing section below for details on how to test CAPTCHAs locally.
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
See the testing section of the CAPTCHA epic for detailed instructions on how to test spam/CAPTCHA in a dev environment.
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) -
I have tested this MR in all supported browsers, or it's not needed. -
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.