Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(http): better handle unexpected undefined XSRF tokens #47683

Closed
wants to merge 1 commit into from
Closed

fix(http): better handle unexpected undefined XSRF tokens #47683

wants to merge 1 commit into from

Conversation

alxhub
Copy link
Member

@alxhub alxhub commented Oct 6, 2022

HttpXsrfTokenExtractor allows returning string|null for an XSRF token, and the interceptor checked if the returned token is null. However, some implementations return undefined instead (behind an any) type, which caused the interceptor to crash when trying to set an undefined value for the header.

This commit makes the XSRF interceptor a little more resilient against such broken implementations of the HttpXsrfTokenExtractor interface.

@alxhub
fix(http): better handle unexpected undefined XSRF tokens
d17e478 
`HttpXsrfTokenExtractor` allows returning `string|null` for an XSRF token,
and the interceptor checked if the returned token is `null`. However, some
implementations return `undefined` instead (behind an `any`) type, which
caused the interceptor to crash when trying to set an `undefined` value for
the header.

This commit makes the XSRF interceptor a little more resilient against such
broken implementations of the `HttpXsrfTokenExtractor` interface.
@alxhub alxhub added action: merge The PR is ready for merge by the caretaker area: common/http target: major This PR is targeted for the next major release labels Oct 6, 2022
@ngbot ngbot bot modified the milestone: Backlog Oct 6, 2022
@jessicajaniuk
Copy link
Contributor

This PR was merged into the repository by commit ea16a98.

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Nov 6, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jessicajaniuk jessicajaniuk jessicajaniuk approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: common/http target: major This PR is targeted for the next major release
Projects
None yet
Milestone
Backlog
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@alxhub @jessicajaniuk