import type { ChainableHandler } from "./HandlerChainBuilder"; /** * Some requests may require a no-cors pre-flight (which are allowed to follow redirects) before they can be * successful. * * An example is a federated identity authentication flow, like OpenID Connect or OAuth. In many such schemes, * an unauthenticated request will not include CORs headers. Instead, a redirect to an Identity Provider will be * returned. In order follow this redirect, the Fetch request must be made with "no-cors" mode. * * Once the "no-cors" request is made, redirects are followed resulting in authentication cookies being set on the * original domain. Then, the original request can be retried and the server will authenticate the request and set * proper CORs headers on the response. * * Here's an example request flow, in which the page already has cookies for IdentityProvider.com (if that wasn't * the case, IdentityProvider.com would prompt the user for credentials and the rest of the flow would be the same): * * ``` * WebPage a.com MyServer b.com IdentityProvider c.com * | | | * Original request, | | * unauthenticated: | | * |------------------------>| | * |<--302: c.com, no CORs---| | * | | | * | | | * No CORs headers in | | * response. Retry in | | * "no-cors" mode: | | * |-----"no-cors" mode----->| | * |<--302: c.com, no CORs---| | * | | | * | | | * |------------------IdP cookies------------->| * |<----------302: b.com?token=foo------------| * | | * | | | * |----b.com?token=foo----->| | * |<-302: b.com, set cookie-| | * | | | * | | | * Retry original request, | | * now authenticated: | | * |-----------cookie------->| | * |<-----------200----------| | * | | * ``` */ export declare const createNoCorsRetryingFetchHandler: () => ChainableHandler; //# sourceMappingURL=noCorsRetryingFetchHandler.d.ts.map