From 37364ecd7e8453ab690a6e3a2e27bb2014b43d62 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Tue, 3 Oct 2017 09:18:19 -0400
Subject: [PATCH] back to access_token for safari for now

---
 src/app/config.js | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/app/config.js b/src/app/config.js
index c8f1e4d0b41..20fb36f6ae0 100644
--- a/src/app/config.js
+++ b/src/app/config.js
@@ -11,11 +11,24 @@ angular
 
         $qProvider.errorOnUnhandledRejections(false);
         $locationProvider.hashPrefix('');
-        jwtOptionsProvider.config({
+
+        var jwtConfig = {
             // Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
             authHeader: 'Content-Language',
             whiteListedDomains: appSettings.whitelistDomains
-        });
+        };
+
+        // Safari doesn't work with unconventional "Content-Language" header for CORS.
+        // See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+        var userAgent = navigator.userAgent.toLowerCase();
+        if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
+            jwtConfig = {
+                urlParam: 'access_token',
+                whiteListedDomains: appSettings.whitelistDomains
+            };
+        }
+
+        jwtOptionsProvider.config(jwtConfig);
         var refreshPromise;
         jwtInterceptorProvider.tokenGetter = /*@ngInject*/ function (options, tokenService, authService) {
             if (options.url.indexOf(appSettings.apiUri) !== 0) {