This commit updates the `provideHttpClient` function to return the `EnvironmentProviders` instead of a regular `Provider[]`, to make sure that the `provideHttpClient` can only be used where an environment is being setup.
PR Close#47758
`HttpXsrfTokenExtractor` allows returning `string|null` for an XSRF token,
and the interceptor checked if the returned token is `null`. However, some
implementations return `undefined` instead (behind an `any`) type, which
caused the interceptor to crash when trying to set an `undefined` value for
the header.
This commit makes the XSRF interceptor a little more resilient against such
broken implementations of the `HttpXsrfTokenExtractor` interface.
PR Close#47683
This commit deletes a sentence from the `HttpClientJsonpModule` docs which
was accidentally copy-pasted from the docs for another symbol.
PR Close#47502
Ordinarily, providing `HttpClient` (either via `provideHttpClient` or the
`HttpClientModule`) creates an entirely separate HTTP context. Requests made
via that client are not passed through the interceptor chains that are
configured in a parent injector, for this example.
This commit introduces a new option for `provideHttpClient` called
`withRequestsMadeViaParent()`. When this option is passed, requests made in
the child context flow through any injectors, etc. and are then handed off
to the parent context.
This addresses a longstanding issue with interceptors where it's not
possible to extend the set of interceptors in a child context without
repeating all of the interceptors from the parent.
PR Close#47502
This commit introduces a new feature for `provideHttpClient` called
`withInterceptors`. This feature exposes and configures the new concept of
functional interceptors.
Functional interceptors use functions instead of classes to implement an
HTTP interceptor. Such interceptor functions have access to the DI context
from the `EnvironmentInjector` in which they're configured via the
`inject()` function. Otherwise, functional interceptors are identical in
capability to the existing interceptor system.
PR Close#47502
This commit converts `HttpClientModule` to use `provideHttpClient()`
internally, with a particular configuration of features. Other NgModules
related to configuring `HttpClient` are also converted to use the providers
directly from various features, to ensure consistency of behavior.
PR Close#47502
This commit introduces the main components of the `provideHttpClient()`
provider API, designed in the style of `provideRouter()`. Initial features
are defined for including legacy class-based interceptors, JSONP support,
and configuring or disabling the builtin XSRF protection.
This API is an alternative to providing `HttpClient` via the
`HttpClientModule`, and is more tree-shakable and more capable than the
NgModule implementation.
Tests are included to validate the new configuration format as well as the
interoperability of the two styles of providing and configuring
`HttpClient`.
PR Close#47502
This commit introduces the `provideHttpClientTesting()` function as an
alternative to the `HttpClientTestingModule` (in fact, the NgModule is
converted internally to just use the new provider function).
PR Close#47502
This commit switches the XSRF configuration tokens (for header name and
cookie name) to be `providedIn: 'root'`. This is a no-op change now as they
are always provided along with any usage of them via `HttpClientModule`, but
will become load-bearing as the `provideHttpClient` API will not provide
these tokens, and will rely on injecting them from either the parent context
or from these root providers.
PR Close#47502
@angular/common/http has XSRF protection which is enabled by default and is
implemented as an interceptor. Previously, this protection could be disabled
with an API which would internally provide a `NoopInterceptor` in place of
the standard XSRF interceptor.
To achieve the same capability of disabling the XSRF interceptor after it is
converted to the functional style, an InjectionToken is added in this commit
which disables the XSRF interceptor. This way, the interceptor can be
disabled in place without needing to override it via DI (which is difficult
for functional interceptors).
PR Close#47502
This commit rewrites the JSONP interceptor to use the functional interceptor
style internally, while still maintaining the same public API and behavior.
PR Close#47502
This commit introduces a new DI token for the set of functional
interceptors. This is a no-op in terms of behavior currently, but will allow
for the deduplication of the bridge interceptor which connects legacy class-
based interceptors to the functional interceptor chain.
PR Close#47502
This commit introduces new types and symbols related to functional HTTP
interceptors - interceptors which are plain functions with access to DI via
the `inject()` operation.
This new form of interceptor is not exposed publically in this commit, but
the legacy class-based interceptors are refactored to be built on top of the
new API internally.
PR Close#47502
Before this commit, when initializing `HttpParams` with:
const body = new HttpParams({fromObject: {b: 2}});
then `body.get('b')` returned `2` instead of `'2'` as expected.
This commit makes sure the values are converted to strings in such cases.
Fixes#42641
PR Close#42643
Speeds up the dev-turnaround by only bundling types when packaging. Currently
bundling occurs for all the `ng_module` targets in devmode.
This has various positive benefits:
* Avoidance of this rather slower operation in development
* Makes APF-built packages also handle types for `ts_library` targets consistently.
* Allows us to ensure APF entry-points have `d.ts` _always_ bundled (working with ESM
module resolution in TypeScript -- currently experimental)
* Allows us to remove the secondary `package.json` files from APF (maybe APF v14? - seems
low-impact). This would clean-up the APF even more and fix resolution issues (like in Vite)
PR Close#45405
Servers always decode + as a space, which is undesirable when one
actually wants to query for a plus.
BREAKING CHANGE:
Queries including + will now actually query for + instead of space.
Most workarounds involving custom codecs will be unaffected.
Possible server-side workarounds will need to be undone.
Fixes angular#11058
PR Close#45111
Updates us to version 4.0 of Jasmine and fixes some errors that were the result of us depending upon deprecated APIs. We need to do this both to stay up to date and because it was going to break eventually, because one of the Bazel packages was logging a deprecation warning that version 4.0 was required.
There were also some cases where the state of `ngDevMode` had started leaking out between tests.
PR Close#45558
Updates us to version 4.0 of Jasmine and fixes some errors that were the result of us depending upon deprecated APIs. We need to do this both to stay up to date and because it was going to break eventually, because one of the Bazel packages was logging a deprecation warning that version 4.0 was required.
There were also some cases where the state of `ngDevMode` had started leaking out between tests.
PR Close#45558
JSONP does not support headers being set on requests. This
enables JSONP to throw an error when headers are supplied
in the request to prevent attempts to set them.
BREAKING CHANGE: JSONP will throw an error when headers are set on a reques
JSONP does not support headers being set on requests. Before when
a request was sent to a JSONP backend that had headers set the headers
were ignored. The JSONP backend will now throw an error if it
receives a request that has any headers set. Any uses of JSONP
on requests with headers set will need to remove the headers
to avoid the error.
Closes#9141
PR Close#45210
This commit fixes a use-case where unsubscribing from a JSONP request will result in "Uncaught ReferenceError: ng_jsonp_callback_xy is not defined"
thrown into console. Unsubscribing won't remove its associated callback function because the requested script will finish
loading anyway and will try to call the handler.
PR Close#34818
PR Close#36807
When `HttpTestingController.verify` is used to verify that there are not open,
unexpected requests it would throw an error with the method and URL of all pending
requests, excluding the query parameters. This is confusing, as e.g. `expectOne`
matches a URL including its query parameters and `expectOne` does include the
query parameters when it reports when no request could be matched.
This commit changes the error that is reported by `verify` to include the query
parameters.
Closes#19974
PR Close#44917
To make our test output i.e. devmode output more aligned
with what we produce in the NPM packages, or to be more
aligned with what Angular applications will usually consume,
the devmode output is switched from ES5 to ES2015.
Additionally various tsconfigs (outside of Bazel) have been
updated to match with the other parts of the build. The rules
are:
ES2015 for test configurations, ES2020 for actual code that will
end up being shipped (this includes the IDE-only tsconfigs).
PR Close#44505
Currently the `HttpClient` always wraps errors from XHR requests, but
the underlying errors are always of type `ProgressEvent`, or don't have
a native error if the status code is just indicating failure (e.g. 404).
This behavior does not match in the `TestRequest` class provided by
`@angular/common/http/testing` where errors are considered being
of type `ErrorEvent`. This is incorrect because `ErrorEvent`s provide
information for errors in scripts or files which are evaluated. Since
the `HttpClient` never evaluates scripts/files, and also since XHR requests
clearly are documented to emit `ProgressEvent`'s, we should change the
`TestSupport` to retrieve such `ProgressEvent`'s instead of incompatible
objects of type `ErrorEvent`.
In favor of having a deprecation period, we keep supporting `ErrorEvent`
in the `TestRequest.error` signature. Eventually, we can remove this
signature in the future.
Resources:
* https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/error_event
* https://developer.mozilla.org/en-US/docs/Web/API/ErrorEvent
* https://xhr.spec.whatwg.org/#event-xhr-errpr
Related to: https://github.com/angular/angular/issues/34748.
DEPRECATED: `TestRequest` from `@angular/common/http/testing` no longer
accepts `ErrorEvent` when simulating XHR errors. Instead instances of
`ProgressEvent` should be passed, matching with the native browser behavior.
PR Close#36082
At present, the get() method provided by HttpContext will never return null. Sometimes we need to check whether an http token is included, so add the has() method to HttpContext.
PR Close#43887
Introduce two new bazel rules: tsec_test and tsec_config, for
describing the tsec checks and the tsconfig file needed for such
checks, respectively. Currently, tsec_test only checks the srcs
of a ts_library or ng_module. It does not check direct or transitive
dependencies. Also, tsconfig files need to be manually maintained
to make sure tsec can read all necessary input (including global
symbols).
PR Close#43108
tsec is a static analyzer that discovers Trusted Types violations.
Deploy tsec to make sure there will be no TT regression in several
critical packages, including core, platform-browser, platform-server
and their dependencies. Existing violations have been reviewed and
exempted in packages/tsec-exemption.json. Future changes to the
exemption list requires security review.
PR Close#43108
HttpParams uses custom encoding function "standardEncoding" to encode query string preserving specific charachters. This refactoring aims to improve performances and code quality of that function by using a RegExp and a Map object instead of a chain of replace functions.
PR Close#42998
In combination with the TS `noImplicitOverride` compatibility changes,
we also want to follow the best-practice of adding `override` to
members which are implemented as part of abstract classes. This
commit fixes all instances which will be flagged as part of the
custom `no-implicit-override-abstract` TSLint rule.
PR Close#42512
For quite a while it is an unspoken convention to add a trailing
new-line files within the Angular repository. This was never enforced
automatically, but has been frequently raised in pull requests through
manual review. This commit sets up a lint rule so that this is
"officially" enforced and doesn't require manual review.
PR Close#42478
We have some internal proxies for all of the Jasmine functions, as well as some other helpers. This code hasn't been touched in more than 5 years, it can lead to confusion and it isn't really necessary since the same can be achieved using Jasmine.
These changes remove most of the code and clean up our existing unit tests.
PR Close#42177
URLSearch params are by default supported in the browser but are not supported by angular/http package added support for URLSearchParams
Fixes#36317
PR Close#37852
adding optional body for HTTP delete request options. This new param added as an optional so won't break the existing code also provide the capability the send the body when and where it required.
PR Close#41723
The moved `XhrFactory` still needs to be available from `@angular/common/http`
for some libraries that were built prior to 12.0.0, otherwise they cannot be
used in applications built post-12.0.0.
This commit adds back the re-export of `XhrFactory` and deprecates it.
PR Close#41393
With this change we move `XhrFactory` to the root entrypoint of `@angular/commmon`, this is needed so that we can configure `XhrFactory` DI token at a platform level, and not add a dependency between `@angular/platform-browser` and `@angular/common/http`.
Currently, when using `HttpClientModule` in a child module on the server, `ReferenceError: XMLHttpRequest is not defined` is being thrown because the child module has its own Injector and causes `XhrFactory` provider to be configured to use `BrowserXhr`.
Therefore, we should configure the `XhrFactory` at a platform level similar to other Browser specific providers.
BREAKING CHANGE:
`XhrFactory` has been moved from `@angular/common/http` to `@angular/common`.
**Before**
```ts
import {XhrFactory} from '@angular/common/http';
```
**After**
```ts
import {XhrFactory} from '@angular/common';
```
Closes#41311
PR Close#41313
