Retry CSRF if first one failed

cjmalloy · Apr 3, 2024 · cc4a02b · cc4a02b
1 parent 5aeccc6
commit cc4a02b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/src/app/component/login-popup/login-popup.component.html b/src/app/component/login-popup/login-popup.component.html
@@ -3,7 +3,7 @@
     @if (config.login) {
       <div class="fake-link no-select" (click)="doLogin()" i18n>Click here to login.</div>
     } @else {
-      Please log in and try again.
+      <div>Please log in and try again.</div>
     }
     <button type="button" (click)="clear()" i18n>clear</button>
   }

diff --git a/src/app/http/csrf.interceptor.ts b/src/app/http/csrf.interceptor.ts
@@ -1,6 +1,6 @@
 import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
 import { Injectable, isDevMode } from '@angular/core';
-import { Observable } from 'rxjs';
+import { catchError, filter, Observable, retry, retryWhen, switchMap, throwError } from 'rxjs';
 import { ConfigService } from '../service/config.service';
 
 @Injectable()
@@ -25,6 +25,17 @@ export class CsrfInterceptor implements HttpInterceptor {
       headers: request.headers.set('X-XSRF-TOKEN', this.getCsrfToken()),
       withCredentials: this.withCredentials,
     });
-    return next.handle(modifiedReq);
+    return next.handle(modifiedReq).pipe(
+      catchError(err => {
+        if (!err.status || err.status === 403) {
+          const retryReq = request.clone({
+            headers: request.headers.set('X-XSRF-TOKEN', this.getCsrfToken()),
+            withCredentials: this.withCredentials,
+          });
+          return next.handle(retryReq);
+        }
+        return throwError(() => err);
+      }),
+    );
   }
 }