These tags are preserved by the Closure compiler and vulcanize in order
to serve the license notices embedded in the outputs. In a standalone
Gerrit server, these license are also covered in the LICENSES.txt served
with the documentation. When serving PG assets from a CDN, it's less
obvious what the corresponding LICENSES.txt file is, since the CDN is
not directly linked to a running Gerrit server. Safer to embed the
licenses in the assets themselves.
Change-Id: Id1add1451fad1baa7916882a6bda02c326ccc988
Gerrit requests which use access_token authentication require a
content-type header and ct param for all POST/PUT/DELETE requests
even when there is no body.
Change-Id: Ia21bd79b02e8fb1f28bed1cfb874b4d0533ec5fa
This change removes gr-gapi-auth and merge gr-gerrit-auth into one
gr-auth static API, exposed as Gerrit.Auth to enable cross-domain
configuration for embedded scenario.
Apparently, Google Platform JS library shares state across instances,
and as a result for embedded use case PolyGerrit requesting OAuth
sequence breaks other instances. To mitigate that, this change provides
an interface similar to Gerrit.Nav for setting OAuth access tokens.
``` js
Gerrit.Auth.setup(getToken, defaultOptions)
```
Gerrit.Auth.setup takes following parameters:
- getToken takes a function that returns Promise resolving to full token
object (including `access_token` and `expires_at` properties)
- defaultOptions may contain `credentials` fetch option that will be
used for all HTTP requests if provided
With the access_token PolyGerrit uses Gerrit's "faster CORS":
- REST API endpoints are prefixed with /a/ (after base url)
- access_token is added as URL param
- all but GET requests are made as POST
- POST requests have Content-Type as text/plain
- $ct URL param presents actual Content-Type
- $m URL param presents actual Cotnent-Type
Change-Id: I860bb84b30a2259d750a2239b7713c019b89b0e0
