@pagamio/frontend-commons-lib 0.8.290 → 0.8.291

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/api/client.js +1 -1
  2. package/lib/auth/utils/TokenManager.js +4 -4
  3. package/package.json +1 -1
package/lib/api/client.js CHANGED
@@ -11,7 +11,7 @@ export class ApiClient {
11
11
  defaultHeaders: {
12
12
  'Content-Type': 'application/json',
13
13
  },
14
- credentials: 'include',
14
+ credentials: 'same-origin',
15
15
  ...config,
16
16
  };
17
17
  }
package/lib/auth/utils/TokenManager.js CHANGED
@@ -60,13 +60,13 @@ export class TokenManager {
60
60
  }
61
61
  async refreshTokens() {
62
62
  try {
63
- // The refresh token is stored as an httpOnly cookie and cannot be read
64
- // by JS. We send `credentials: 'include'` so the browser attaches it
65
- // automatically, and `x-origin-web` so the backend reads from cookies.
63
+ // The refresh token is stored as an httpOnly cookie by the backend.
64
+ // Requests go through the same-origin proxy so cookies are first-party
65
+ // and sent automatically with credentials: 'same-origin'.
66
66
  const oldRefreshToken = this.getRefreshToken();
67
67
  const response = await fetch(`${this.baseUrl}${this.refreshEndpoint}`, {
68
68
  method: 'POST',
69
- credentials: 'include',
69
+ credentials: 'same-origin',
70
70
  headers: {
71
71
  'Content-Type': 'application/json',
72
72
  'x-origin-web': 'web-client',
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@pagamio/frontend-commons-lib",
3
3
  "description": "Pagamio library for Frontend reusable components like the form engine and table container",
4
- "version": "0.8.290",
4
+ "version": "0.8.291",
5
5
  "publishConfig": {
6
6
  "access": "public",
7
7
  "provenance": false