fix(authHttpInterceptor): Don't send Auth token for requests to other…

… hosts.
QutEcoacoustics · Oct 29, 2019 · 8128505 · 8128505
1 parent 05270e8
commit 8128505
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/src/components/services/angularHttpAuth.js b/src/components/services/angularHttpAuth.js
@@ -90,10 +90,19 @@ angular
 
             return {
                 request: function request(config) {
+
                     // if an auth token is present
                     if (config.headers[authHeader]) {
-                        // don't do anything
+
+                        var requestUrl = new URL(config.url, paths.api.root);
+                        // if we are requesting to a different host, don't send the authHeader
+                        if (requestUrl.origin !== paths.api.root) {
+                            delete config.headers.Authorization;
+                        }
+
+                        // don't do anything else
                         return config;
+
                     }
 
                     // if not API call (i.e. JSON) ///config.headers["Accept"] === "application/json" &&
@@ -118,6 +127,12 @@ angular
 
                     return deferred.promise;
                 },
+                requestError: function(rejection) {
+                    // do something on error
+                    console.warn("rejection");
+
+                    return $q.reject(rejection);
+                },
                 responseError: function error(response) {
                     if (response.status === 401) {
                         var deferred = $q.defer();