Skip to content

fix: initialize CSRF cookies by calling Studio base URL #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 20, 2025
Merged

fix: initialize CSRF cookies by calling Studio base URL #7

merged 1 commit into from
Oct 20, 2025

Conversation

pganesh-apphelix
Copy link

No description provided.

Faraz32123
Faraz32123 reviewed Oct 17, 2025
View reviewed changes
Faraz32123
Faraz32123 reviewed Oct 17, 2025
View reviewed changes
@codecov-commenter
Copy link

codecov-commenter commented Oct 17, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.69%. Comparing base (5778876) to head (d3cf40f).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master       #7   +/-   ##
=======================================
  Coverage   94.69%   94.69%           
=======================================
  Files        1204     1204           
  Lines       26854    26854           
  Branches     6025     6026    +1     
=======================================
  Hits        25430    25430           
- Misses       1354     1365   +11     
+ Partials       70       59   -11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pganesh-apphelix pganesh-apphelix force-pushed the pganesh/TNL2-356 branch 2 times, most recently from 3baa958 to 1bc41b6 Compare October 17, 2025 11:19
Faraz32123
Faraz32123 approved these changes Oct 17, 2025
View reviewed changes
Copy link
Collaborator

@Faraz32123 Faraz32123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@pganesh-apphelix pganesh-apphelix marked this pull request as ready for review October 17, 2025 13:16
@Copilot Copilot AI review requested due to automatic review settings October 17, 2025 13:16
Copilot
Copilot AI reviewed Oct 17, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Purpose: Initialize CSRF cookies by touching the Studio base URL before mutating (POST/PUT/PATCH/DELETE) requests.

  • Adds APP_AUTH_INITIALIZED subscription that installs an axios request interceptor.
  • Interceptor prefaces mutating requests with a GET to STUDIO_BASE_URL, falling back to a hidden iframe if the GET fails.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

src/index.jsx
Comment on lines 154 to +155

subscribe(APP_AUTH_INITIALIZED, () => {
Copy link

Copilot AI Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Registering the interceptor inside the event callback without a guard can lead to multiple identical interceptors if APP_AUTH_INITIALIZED fires more than once, causing duplicated priming requests. Add a flag to ensure the interceptor is added only once or store/eject the interceptor ID if re-registration is attempted.

Suggested change
subscribe(APP_AUTH_INITIALIZED, () => {
// Guard to ensure the interceptor is only registered once
let interceptorRegistered = false;
subscribe(APP_AUTH_INITIALIZED, () => {
if (interceptorRegistered) {
return;
}
interceptorRegistered = true;

Copilot uses AI. Check for mistakes.

src/index.jsx
Comment on lines +156 to +161
getAuthenticatedHttpClient().interceptors.request.use(async (requestConfig) => {
const methodsToIntercept = ['post', 'put', 'delete', 'patch'];

if (methodsToIntercept.includes(requestConfig.method?.toLowerCase())) {
try {
await getAuthenticatedHttpClient().get(getConfig().STUDIO_BASE_URL, {
Copy link

Copilot AI Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Repeated calls to getAuthenticatedHttpClient() inside the interceptor can be replaced by a captured constant (e.g., const client = getAuthenticatedHttpClient();) to make intent clearer and avoid any risk if the factory were to return a new instance in future changes.

Suggested change
getAuthenticatedHttpClient().interceptors.request.use(async (requestConfig) => {
const methodsToIntercept = ['post', 'put', 'delete', 'patch'];
if (methodsToIntercept.includes(requestConfig.method?.toLowerCase())) {
try {
await getAuthenticatedHttpClient().get(getConfig().STUDIO_BASE_URL, {
const client = getAuthenticatedHttpClient();
client.interceptors.request.use(async (requestConfig) => {
const methodsToIntercept = ['post', 'put', 'delete', 'patch'];
if (methodsToIntercept.includes(requestConfig.method?.toLowerCase())) {
try {
await client.get(getConfig().STUDIO_BASE_URL, {

Copilot uses AI. Check for mistakes.

@pganesh-apphelix pganesh-apphelix merged commit 89ca695 into master Oct 20, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Faraz32123 Faraz32123 Faraz32123 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pganesh-apphelix @codecov-commenter @Faraz32123