wip

src/client.ts

@@ -29,13 +29,13 @@ function getCookieValueFromString(cookiesString: string, name: string) {
     return getCookieValueFromArray(cookies, name);
 }
 
+function hasCookiesSupport(): boolean {
+    return typeof document !== 'undefined' && typeof document.cookie !== 'undefined'
+}
+
 function getCookie(name: string) {
     // When runnnig in node, document is not defined and we can't use cookies
-    if (
-        typeof document !== 'undefined' &&
-        document.cookie &&
-        document.cookie !== ''
-    ) {
+    if (document.cookie !== '') {
         return getCookieValueFromString(document.cookie, name);
     }
     return null;
@@ -105,14 +105,25 @@ function doRequestFetch(
     if (!uri.startsWith('http')) {
         uri = 'http://' + uri;
     }
-    if (method !== 'GET' && !allowsCrossOrigin) {
-        if (csrfToken === null) {
-            csrfToken = getCookie('csrf_token');
+    if (method !== 'GET') {
+        if (hasCookiesSupport()) {
+            if (!allowsCrossOrigin) {
+                if (csrfToken === null) {
+                    csrfToken = getCookie('csrf_token');
+                }
+            } else {
+                // TODO implement CSRF for cross origin in a browser
+            }
         }
-        if (csrfToken !== null) {
-            headers.append('X-CSRF-Token', csrfToken);
+        else {
+            // TODO request base url, grab token, add csrf_token to cookie jar
+            // FIXME what about requestFetchWithCookies and cookie jar???
+            // TODO Origin header
         }
     }
+    if (csrfToken !== null) {
+        headers.append('X-CSRF-Token', csrfToken);
+    }
     return fetch(uri, {
         method: method,
         body: content,