From ea16a98dfef0de33c192e328f151cca39749a488 Mon Sep 17 00:00:00 2001 From: Alex Rickabaugh Date: Thu, 6 Oct 2022 15:35:45 -0700 Subject: [PATCH] fix(http): better handle unexpected `undefined` XSRF tokens (#47683) `HttpXsrfTokenExtractor` allows returning `string|null` for an XSRF token, and the interceptor checked if the returned token is `null`. However, some implementations return `undefined` instead (behind an `any`) type, which caused the interceptor to crash when trying to set an `undefined` value for the header. This commit makes the XSRF interceptor a little more resilient against such broken implementations of the `HttpXsrfTokenExtractor` interface. PR Close #47683 --- packages/common/http/src/xsrf.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/common/http/src/xsrf.ts b/packages/common/http/src/xsrf.ts index b7f9dc8fca0..67db8dcec95 100644 --- a/packages/common/http/src/xsrf.ts +++ b/packages/common/http/src/xsrf.ts @@ -90,7 +90,7 @@ export function xsrfInterceptorFn( const headerName = inject(XSRF_HEADER_NAME); // Be careful not to overwrite an existing header of the same name. - if (token !== null && !req.headers.has(headerName)) { + if (token != null && !req.headers.has(headerName)) { req = req.clone({headers: req.headers.set(headerName, token)}); } return next(req);