From 599c5dd2391db4ba0df9f6460d3e83a27e7e70b8 Mon Sep 17 00:00:00 2001 From: Yared Yemane Date: Mon, 27 Apr 2026 04:49:40 -0700 Subject: [PATCH] static files access fix --- src/api/http.ts | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/src/api/http.ts b/src/api/http.ts index 893c181..61a757b 100644 --- a/src/api/http.ts +++ b/src/api/http.ts @@ -63,6 +63,27 @@ const isAuthEndpointRequest = (url?: string) => { ); }; +const ABSOLUTE_URL_REGEX = /^https?:\/\//i; + +const safeOrigin = (url?: string): string | null => { + if (!url) return null; + try { + return new URL(url).origin; + } catch { + return null; + } +}; + +const API_BASE_ORIGIN = safeOrigin(import.meta.env.VITE_API_BASE_URL); + +const shouldAttachApiAuth = (url?: string): boolean => { + if (!url) return true; + if (!ABSOLUTE_URL_REGEX.test(url)) return true; + const requestOrigin = safeOrigin(url); + if (!requestOrigin || !API_BASE_ORIGIN) return false; + return requestOrigin === API_BASE_ORIGIN; +}; + const refreshAccessToken = async (): Promise => { const refreshToken = localStorage.getItem("refresh_token"); @@ -118,6 +139,10 @@ const getValidAccessToken = async (forceRefresh = false): Promise => { // Attach access token to every request http.interceptors.request.use(async (config) => { + if (!shouldAttachApiAuth(config.url)) { + return config; + } + if (isAuthEndpointRequest(config.url)) { return config; } @@ -142,6 +167,7 @@ http.interceptors.response.use( if ( error.response?.status === 401 && !originalRequest._retry && + shouldAttachApiAuth(originalRequest.url) && !isAuthEndpointRequest(originalRequest.url) ) { originalRequest._retry = true; @@ -156,7 +182,7 @@ http.interceptors.response.use( } // Backend is down (network error, timeout, connection refused) - if (!error.response) { + if (!error.response && shouldAttachApiAuth(originalRequest.url)) { clearAuthAndRedirect(); return Promise.reject(error); }