dmolinari/SIG-CM2.0
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(web): use endsWith for /auth path exclusion in refresh interceptor

Browse Source 
Avoids substring-match false positives on future endpoints whose URL could
contain /auth/refresh or /auth/login as infix (W-01 from verify report).
This commit is contained in:
dmolinari
2026-04-14 13:59:37 -03:00
parent 7fadb88da0
commit 96dbeecc0f
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/web/src/api/axiosClient.ts
View File

@@ -64,8 +64,8 @@ axiosClient.interceptors.response.use(
status !== 401 || status !== 401 ||
!original || !original ||
original._retry || original._retry ||
url.includes('/auth/refresh') || url.endsWith('/auth/refresh') ||
url.includes('/auth/login') url.endsWith('/auth/login')
) { ) {
return Promise.reject(error) return Promise.reject(error)
} }