From f3a16bca3ff6839b25baf86d0a0e96f63139efe9 Mon Sep 17 00:00:00 2001
From: Stephen Smith <stephen@curii.com>
Date: Mon, 6 Mar 2023 10:42:25 -0500
Subject: [PATCH] 19899: Change webdav default config field to private, add
 getters and setters to prevent accidentally overwriting headers

Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
---
 src/common/webdav.ts                           | 18 +++++++++++++++---
 .../collection-panel-files.tsx                 | 11 ++++++-----
 .../collection-service/collection-service.ts   |  6 +++---
 src/services/services.ts                       | 11 +++++------
 4 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/src/common/webdav.ts b/src/common/webdav.ts
index d4f904ae..bb8a68bd 100644
--- a/src/common/webdav.ts
+++ b/src/common/webdav.ts
@@ -6,17 +6,29 @@ import { customEncodeURI } from "./url";
 
 export class WebDAV {
 
-    defaults: WebDAVDefaults = {
+    private defaults: WebDAVDefaults = {
         baseURL: '',
-        headers: {},
+        headers: {
+            'Cache-Control': 'must-revalidate'
+        },
     };
 
     constructor(config?: Partial<WebDAVDefaults>, private createRequest = () => new XMLHttpRequest()) {
         if (config) {
-            this.defaults = { ...this.defaults, ...config };
+            this.defaults = {
+                ...this.defaults,
+                ...config,
+                headers: {
+                    ...this.defaults.headers,
+                    ...config.headers
+                },
+            };
         }
     }
 
+    getBaseUrl = (): string => this.defaults.baseURL;
+    setAuthorization = (token?) => this.defaults.headers.Authorization = token;
+
     propfind = (url: string, config: WebDAVRequestConfig = {}) =>
         this.request({
             ...config, url,
diff --git a/src/components/collection-panel-files/collection-panel-files.tsx b/src/components/collection-panel-files/collection-panel-files.tsx
index 2ba29d44..08944d40 100644
--- a/src/components/collection-panel-files/collection-panel-files.tsx
+++ b/src/components/collection-panel-files/collection-panel-files.tsx
@@ -233,11 +233,12 @@ export const CollectionPanelFiles = withStyles(styles)(connect((state: RootState
     const { classes, onItemMenuOpen, onUploadDataClick, isWritable, dispatch, collectionPanelFiles, collectionPanel } = props;
     const { apiToken, config } = props.auth;
 
-    const webdavClient = new WebDAV();
-    webdavClient.defaults.baseURL = config.keepWebServiceUrl;
-    webdavClient.defaults.headers = {
-        Authorization: `Bearer ${apiToken}`
-    };
+    const webdavClient = new WebDAV({
+        baseURL: config.keepWebServiceUrl,
+        headers: {
+            Authorization: `Bearer ${apiToken}`
+        },
+    });
 
     const webDAVRequestConfig: WebDAVRequestConfig = {
         headers: {
diff --git a/src/services/collection-service/collection-service.ts b/src/services/collection-service/collection-service.ts
index d08e7899..1a03d8da 100644
--- a/src/services/collection-service/collection-service.ts
+++ b/src/services/collection-service/collection-service.ts
@@ -93,9 +93,9 @@ export class CollectionService extends TrashableResourceService<CollectionResour
     }
 
     extendFileURL = (file: CollectionDirectory | CollectionFile) => {
-        const baseUrl = this.webdavClient.defaults.baseURL.endsWith('/')
-            ? this.webdavClient.defaults.baseURL.slice(0, -1)
-            : this.webdavClient.defaults.baseURL;
+        const baseUrl = this.webdavClient.getBaseUrl().endsWith('/')
+            ? this.webdavClient.getBaseUrl().slice(0, -1)
+            : this.webdavClient.getBaseUrl();
         const apiToken = this.authService.getApiToken();
         const encodedApiToken = apiToken ? encodeURI(apiToken) : '';
         const userApiToken = `/t=${encodedApiToken}/`;
diff --git a/src/services/services.ts b/src/services/services.ts
index 2afb843f..4e4a682e 100644
--- a/src/services/services.ts
+++ b/src/services/services.ts
@@ -39,14 +39,12 @@ export function setAuthorizationHeader(services: ServiceRepository, token: strin
     services.apiClient.defaults.headers.common = {
         Authorization: `Bearer ${token}`
     };
-    services.webdavClient.defaults.headers = {
-        Authorization: `Bearer ${token}`
-    };
+    services.webdavClient.setAuthorization(`Bearer ${token}`);
 }
 
 export function removeAuthorizationHeader(services: ServiceRepository) {
     delete services.apiClient.defaults.headers.common;
-    delete services.webdavClient.defaults.headers.common;
+    services.webdavClient.setAuthorization(undefined);
 }
 
 export const createServices = (config: Config, actions: ApiActions, useApiClient?: AxiosInstance) => {
@@ -57,8 +55,9 @@ export const createServices = (config: Config, actions: ApiActions, useApiClient
     const apiClient = useApiClient || Axios.create({ headers: {} });
     apiClient.defaults.baseURL = config.baseUrl;
 
-    const webdavClient = new WebDAV();
-    webdavClient.defaults.baseURL = config.keepWebServiceUrl;
+    const webdavClient = new WebDAV({
+        baseURL: config.keepWebServiceUrl
+    });
 
     const apiClientAuthorizationService = new ApiClientAuthorizationService(apiClient, actions);
     const authorizedKeysService = new AuthorizedKeysService(apiClient, actions);
-- 
2.30.2