Move user credentials into HTTP request headers to prevent them being logged in the server logs

Ian Renton
2026-06-20 10:15:35 +01:00
parent ae17839096
commit e08a183d1b
13 changed files with 58 additions and 77 deletions


@@ -20,7 +20,7 @@ function loadSpots() {
}
// Make the new query
$.getJSON('/api/v2/spots' + buildQueryString(false), function (jsonData) {
$.ajax({url: '/api/v2/spots' + buildQueryString(), dataType: 'json', headers: getCredentialHeaders(), success: function (jsonData) {
// Store data
spots = jsonData;
// Update table
@@ -30,7 +30,7 @@ function loadSpots() {
if (run) {
startSSEConnection();
}
});
}});
}
// Start an SSE connection (closing an existing one if it exists). This will then be used to add to the table on the
@@ -39,7 +39,7 @@ function startSSEConnection() {
if (evtSource != null) {
evtSource.close();
}
evtSource = new EventSource('/api/v2/spots/stream' + buildQueryString(true));
evtSource = new EventSource('/api/v2/spots/stream' + buildQueryString());
evtSource.onmessage = function (event) {
// Get the new spot
@@ -86,7 +86,7 @@ function startSSEConnection() {
}
// Build a query string for the API, based on the filters that the user has selected.
function buildQueryString(includeCredentials) {
function buildQueryString() {
let str = "?";
["dx_continent", "de_continent", "mode", "source", "band", "sig"].forEach(fn => {
if (!allFilterOptionsSelected(fn)) {
@@ -97,9 +97,6 @@ function buildQueryString(includeCredentials) {
if ($("#search").val() !== "") {
str = str + "&text_includes=" + encodeURIComponent($("#search").val());
}
if (includeCredentials) {
str = str + getCredentialQueryString();
}
return str;
}
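Review bot: In startSSEConnection, `new EventSource('/api/v2/spots/stream' + buildQueryString())` now carries no credentials at all: the `includeCredentials` branch is gone from buildQueryString, and the browser's EventSource constructor has no option for custom request headers, so `getCredentialHeaders()` cannot be applied to it the way it is to the `$.ajax` call in loadSpots. The old code passed `buildQueryString(true)` only for this stream, so if the endpoint still depends on those credentials the stream would presumably be rejected or fall back to unauthenticated behaviour; the server-side files of this commit are not visible here, so that needs confirming. One way to keep credentials out of the URL and still authenticate the stream is to read it with `fetch(url, {headers: getCredentialHeaders()})` and parse the `text/event-stream` body, or to have a header-authenticated request issue a short-lived, single-use stream token. Whichever is chosen, a comment above the EventSource line such as `// EventSource cannot send custom headers; the stream is requested without credentials` would record the decision. The bodies of loadSpots and startSSEConnection extend beyond the hunks shown.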