Move user credentials into HTTP request headers to prevent them being logged in the server logs

webassets/js/map.js

@@ -28,7 +28,7 @@ let firstLoad = true;
 
 // Load spots and populate the map.
 function loadSpots() {
-    $.getJSON('/api/v2/spots' + buildQueryString(true), function (jsonData) {
+    $.ajax({url: '/api/v2/spots' + buildQueryString(), dataType: 'json', headers: getCredentialHeaders(), success: function (jsonData) {
         // Store data
         spots = jsonData;
         // Update map
@@ -36,11 +36,11 @@ function loadSpots() {
         if ($("#showTerminator")[0].checked) {
             terminator.setTime();
         }
-    });
+    }});
 }
 
 // Build a query string for the API, based on the filters that the user has selected.
-function buildQueryString(includeCredentials) {
+function buildQueryString() {
     let str = "?";
     ["dx_continent", "de_continent", "mode", "source", "band", "sig"].forEach(fn => {
         if (!allFilterOptionsSelected(fn)) {
@@ -50,9 +50,6 @@ function buildQueryString(includeCredentials) {
     str = str + "max_age=" + $("#max-spot-age option:selected").val();
     // Additional filters for the map view: No dupes, no QRT, only spots with good locations
     str = str + "&dedupe=true&allow_qrt=false";
-    if (includeCredentials) {
-        str = str + getCredentialQueryString();
-    }
     return str;
 }