Skip to content

Migrate Axios Captcha Interceptor to be globally registered and using headers as well [RUN ALL RSPEC] [RUN AS-IF-FOSS]

Chad Woolley requested to merge axios-captcha-interceptor into master

What does this MR do?

With !53941 (merged) we introduced an axios interceptor to handle Captchas in case potential SPAM is detected: !53941 (merged) Currently it still manipulates the data when retrying the request and needs to be registered locally.

With !56879 (merged) we created a global "interceptor" for a similar kind of Captcha handling for GraphQL requests. It is globally registered and uses headers instead of manipulating the data.

That Apollo based interceptor/link was then used to create a new spam protection concern, to be usable in GraphQL mutations: !56190 (merged)

Thus, this MR refactor the axios interceptor to:

  1. be registered globally, like the apolloCaptchaLink (1)
  2. use headers as well, like the apolloCaptchaLink (2)
  3. Be easily included in the frontend with simply a single import statement, like the apolloCaptchaLink (3) (this was already the case)

See also the documentation for Axios interceptors:

This MR also includes removal of logic around issue update passing spam params (captcha response and spam log ID) as params, since it will now automatically pass them as headers. The only remaining legacy usage of passing them via params is in issue create.

Screenshots (strongly suggested)

No screenshots, it's just normal CAPTCHA behavior, but see the testing section below for details on how to test CAPTCHAs locally.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

See the testing section of the CAPTCHA epic for detailed instructions on how to test spam/CAPTCHA in a dev environment.

Related epics, issues, and MRs

Edited by Chad Woolley

Merge request reports

Loading