HttpInterceptor Tokens Leak on CORS requests and break CORS. #504
Description
I'm submitting a...
- Regression (a behavior that used to work and stopped working in a new release)
- [ X ] Bug report
- Performance issue
- Feature request
- Documentation issue or request
- Other... Please describe:
Current behavior
AngularTokenInterceptor sends headers to outside domain (CORS) when apibase is null or blank. This breaks CORS requests.
Expected behavior
AngularTokenInterceptor should not use match test when apiBase configuration is blank or null. This breaks CORS requests running through the pipeline and also leaks data to outside servers.
What is the motivation / use case for changing the behavior?
- Breaks CORS requests by adding unacceptable request headers.
- Leaks tokens outside of authentication domain.
Environment
Angular-Token version: 6.0.4 (still an issue in current)
Angular version: 7.0.3
Bundler
- Angular CLI (Webpack)
- Webpack
- SystemJS
Browser:
- [ x ] Chrome (desktop) version XX
- [ x ] Chrome (Android) version XX
- Chrome (iOS) version XX
- [ x ] Firefox version XX
- Safari (desktop) version XX
- Safari (iOS) version XX
- IE version XX
- Edge version XX
Others:
Not sure the best way to fix this, but there needs to be some way to prevent tokens from being appended to every request going through the pipeline when the api base is set to "" which will be the default in 95% of cases.