Merge remote-tracking branch 'origin/V2' into demo

2026-02-17 13:52:14 +01:00 · 2025-11-17 12:15:04 +00:00
parent 4d1af9ad3f 4b43693e29
commit 11c080bc43
5 changed files with 104 additions and 56 deletions
--- a/frontend/src/proprietary/auth/springAuthClient.ts
+++ b/frontend/src/proprietary/auth/springAuthClient.ts
@@ -107,7 +107,7 @@ class SpringAuthClient {
    for (const cookie of cookies) {
      const [name, value] = cookie.trim().split('=');
      if (name === 'XSRF-TOKEN') {
-        return value;
+        return decodeURIComponent(value);
      }
    }
    return null;
@@ -278,7 +278,7 @@ class SpringAuthClient {
    try {
      const response = await apiClient.post('/api/v1/auth/logout', null, {
        headers: {
-          'X-CSRF-TOKEN': this.getCsrfToken() || '',
+          'X-XSRF-TOKEN': this.getCsrfToken() || '',
        },
        withCredentials: true,
      });
@@ -311,7 +311,7 @@ class SpringAuthClient {
    try {
      const response = await apiClient.post('/api/v1/auth/refresh', null, {
        headers: {
-          'X-CSRF-TOKEN': this.getCsrfToken() || '',
+          'X-XSRF-TOKEN': this.getCsrfToken() || '',
        },
        withCredentials: true,
      });
--- a/frontend/src/proprietary/services/apiClientSetup.ts
+++ b/frontend/src/proprietary/services/apiClientSetup.ts
@@ -9,17 +9,38 @@ function getJwtTokenFromStorage(): string | null {
  }
 }

+function getXsrfToken(): string | null {
+  try {
+    const cookies = document.cookie.split(';');
+    for (const cookie of cookies) {
+      const [name, value] = cookie.trim().split('=');
+      if (name === 'XSRF-TOKEN') {
+        return decodeURIComponent(value);
+      }
+    }
+    return null;
+  } catch (error) {
+    console.error('[API Client] Failed to read XSRF token from cookies:', error);
+    return null;
+  }
+}
+
 export function setupApiInterceptors(client: AxiosInstance): void {
  // Install request interceptor to add JWT token
  client.interceptors.request.use(
    (config) => {
      const jwtToken = getJwtTokenFromStorage();
+      const xsrfToken = getXsrfToken();

      if (jwtToken && !config.headers.Authorization) {
        config.headers.Authorization = `Bearer ${jwtToken}`;
        console.debug('[API Client] Added JWT token from localStorage to Authorization header');
      }

+      if (xsrfToken && !config.headers['X-XSRF-TOKEN']) {
+        config.headers['X-XSRF-TOKEN'] = xsrfToken;
+      }
+
      return config;
    },
    (error) => {