@pagamio/frontend-commons-lib 0.8.290 → 0.8.292

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/api/client.js +6 -2
  2. package/lib/auth/utils/TokenManager.js +4 -4
  3. package/package.json +1 -1
package/lib/api/client.js CHANGED
@@ -11,7 +11,7 @@ export class ApiClient {
11
11
  defaultHeaders: {
12
12
  'Content-Type': 'application/json',
13
13
  },
14
- credentials: 'include',
14
+ credentials: 'same-origin',
15
15
  ...config,
16
16
  };
17
17
  }
@@ -159,7 +159,11 @@ export class ApiClient {
159
159
  * Creates a URL with query parameters.
160
160
  */
161
161
  createUrl(endpoint, params) {
162
- const url = new URL(endpoint.startsWith('http') ? endpoint : `${this.config.baseURL}${endpoint}`);
162
+ const raw = endpoint.startsWith('http') ? endpoint : `${this.config.baseURL}${endpoint}`;
163
+ // When baseURL is a relative path (e.g. /api/v1) we need window.location.origin
164
+ // as the base for the URL constructor.
165
+ const base = typeof window !== 'undefined' ? window.location.origin : undefined;
166
+ const url = new URL(raw, base);
163
167
  if (params) {
164
168
  Object.entries(params).forEach(([key, value]) => {
165
169
  url.searchParams.append(key, value);
package/lib/auth/utils/TokenManager.js CHANGED
@@ -60,13 +60,13 @@ export class TokenManager {
60
60
  }
61
61
  async refreshTokens() {
62
62
  try {
63
- // The refresh token is stored as an httpOnly cookie and cannot be read
64
- // by JS. We send `credentials: 'include'` so the browser attaches it
65
- // automatically, and `x-origin-web` so the backend reads from cookies.
63
+ // The refresh token is stored as an httpOnly cookie by the backend.
64
+ // Requests go through the same-origin proxy so cookies are first-party
65
+ // and sent automatically with credentials: 'same-origin'.
66
66
  const oldRefreshToken = this.getRefreshToken();
67
67
  const response = await fetch(`${this.baseUrl}${this.refreshEndpoint}`, {
68
68
  method: 'POST',
69
- credentials: 'include',
69
+ credentials: 'same-origin',
70
70
  headers: {
71
71
  'Content-Type': 'application/json',
72
72
  'x-origin-web': 'web-client',
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@pagamio/frontend-commons-lib",
3
3
  "description": "Pagamio library for Frontend reusable components like the form engine and table container",
4
- "version": "0.8.290",
4
+ "version": "0.8.292",
5
5
  "publishConfig": {
6
6
  "access": "public",
7
7
  "provenance": false