Skip to content

Commit

Permalink
fix(http): better handle unexpected undefined XSRF tokens (#47683)
Browse files Browse the repository at this point in the history 
`HttpXsrfTokenExtractor` allows returning `string|null` for an XSRF token,
and the interceptor checked if the returned token is `null`. However, some
implementations return `undefined` instead (behind an `any`) type, which
caused the interceptor to crash when trying to set an `undefined` value for
the header.

This commit makes the XSRF interceptor a little more resilient against such
broken implementations of the `HttpXsrfTokenExtractor` interface.

PR Close #47683
  • Loading branch information
@alxhub @thePunderWoman
alxhub authored and thePunderWoman committed Oct 6, 2022
1 parent 84478f5 commit ea16a98
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion packages/common/http/src/xsrf.ts
View file
Expand Up @@ -90,7 +90,7 @@ export function xsrfInterceptorFn(
const headerName = inject(XSRF_HEADER_NAME);

// Be careful not to overwrite an existing header of the same name.
if (token !== null && !req.headers.has(headerName)) {
if (token != null && !req.headers.has(headerName)) {
req = req.clone({headers: req.headers.set(headerName, token)});
}
return next(req);
Expand Down

0 comments on commit ea16a98

Please sign in to comment.