@qlik/api 2.2.0 → 2.3.1

package/chunks/{auth-functions-BmZgZYSs.js → interceptors-2VSXImC9.js}

@@ -1,11 +1,9 @@
-import { a as sortKeys, i as isNode, r as isBrowser, t as cleanFalsyValues } from "./utils-BnC4lrlq.js";
-import { i as getInterceptors } from "./interceptors-DTYm37AU.js";
-import { n as hostConfigCommonProperties, t as authTypesThatCanBeOmitted } from "./auth-types-JehqruDP.js";
-import { customAlphabet, nanoid } from "nanoid";
+import { a as sortKeys, i as isNode, r as isBrowser, t as cleanFalsyValues } from "./utils-vv-xFm06.js";
+import { n as hostConfigCommonProperties, t as authTypesThatCanBeOmitted } from "./auth-types-h43TVDpB.js";
 
 //#region src/platform/platform-functions.ts
 const getPlatform = async (options = {}) => {
-	const hc = withResolvedHostConfig(options.hostConfig);
+	const hc = resolveHostConfig(options.hostConfig);
 	if (hc.authType === "mock-backend-rest-recorder") return hc.recordGetPlatform();
 	if (hc?.authType === "mock-backend") return hc.mockGetPlatform();
 	if (hc?.authType === "noauth") return result({ isUnknown: true });
@@ -130,28 +128,190 @@ const result = (data) => ({
 
 //#endregion
 //#region src/utils/random.ts
+const NANOID_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-";
+const HEX_ALPHABET = "0123456789abcdef";
+/**
+* Generates a random string from the given alphabet using crypto.getRandomValues
+* Works in both browser and Node.js environments
+*/
+function generateRandomFromAlphabet(alphabet, length) {
+	const bytes = new Uint8Array(length);
+	globalThis.crypto.getRandomValues(bytes);
+	let result$1 = "";
+	for (let i = 0; i < length; i++) result$1 += alphabet[bytes[i] % alphabet.length];
+	return result$1;
+}
 /**
 * Method helper for generating a random string [a-zA-Z0-9\-_]{length}
 * @param length - the length of the string
 */
 function generateRandomString(targetLength) {
-	return nanoid(targetLength);
+	return generateRandomFromAlphabet(NANOID_ALPHABET, targetLength);
 }
 /**
 * Method helper for generating a random hexadecimal-string [0-9a-f]{length}
 * @param length - the length of the string
 */
 function generateRandomHexString(targetLength) {
-	return customAlphabet("1234567890abcdef", targetLength)();
+	return generateRandomFromAlphabet(HEX_ALPHABET, targetLength);
+}
+
+//#endregion
+//#region src/auth/internal/host-config-functions.ts
+const emptyHostConfig = {};
+const normalizedHostConfigs = /* @__PURE__ */ new Map();
+/**
+* Returns a new host config with all default and falsy values removed.
+* @param hostConfig - The host config to fill with defaults
+* @returns
+*/
+function removeDefaults(hostConfig) {
+	const cleanedHostConfig = cleanFalsyValues(hostConfig) || {};
+	if (cleanedHostConfig.host) cleanedHostConfig.host = toValidLocationUrl(cleanedHostConfig);
+	if (isBrowser()) {
+		if (toValidLocationUrl(cleanedHostConfig) === window.location.origin) delete cleanedHostConfig.host;
+	}
+	if (cleanedHostConfig.authType && authTypesThatCanBeOmitted.includes(cleanedHostConfig.authType)) delete cleanedHostConfig.authType;
+	return cleanedHostConfig;
+}
+function globalReplacer(key, value) {
+	if (typeof value === "function") return;
+	return value;
+}
+/**
+* Serializes the provided hostConfig, if present, otherwise the default one.
+*/
+function serializeHostConfig$1(hostConfig) {
+	const sorted = sortKeys(removeDefaults(resolveHostConfig(hostConfig)));
+	return JSON.stringify(sorted, globalReplacer);
+}
+const registeredHostConfigs = /* @__PURE__ */ new Map();
+/**
+* Registers a host config with the given name.
+* @param name The name of the host config to be used to reference the host config later.
+* @param hostConfig The host config to register.
+*/
+function registerHostConfig$1(name, hostConfig) {
+	const reference = hostConfig?.reference || null;
+	if (reference && !registeredHostConfigs.has(reference)) throw new InvalidHostConfigError(`Host config with reference "${reference}" is not registered. Please register it before using it.`);
+	if (registeredHostConfigs.has(name)) console.warn(`registerHostConfig: Host config with name "${name}" is already registered. Overwriting.`);
+	registeredHostConfigs.set(name, hostConfig);
+}
+/**
+* Unregisters a host config with the given name.
+* @param name The name of the host config to unregister.
+*/
+function unregisterHostConfig$1(name) {
+	if (registeredHostConfigs.has(name)) registeredHostConfigs.delete(name);
+	else console.warn(`unregisterHostConfig: Host config with name "${name}" not found.`);
+}
+/**
+* Gets the host config with the given name.
+* @private
+* @param name The name of the host config to get.
+* @returns The host config, or undefined if not found.
+*/
+function getRegisteredHostConfig(name) {
+	return registeredHostConfigs.get(name);
+}
+/**
+* Sets the default host config that will be used for all api calls that do not include a HostConfig
+* @private
+* @param hostConfig the default HostConfig to use
+*/
+function setDefaultHostConfig$1(hostConfig) {
+	registerHostConfig$1("default", hostConfig || {});
+}
+/**
+* Gets the default host config that will be used for all qmfe api calls that do not include a HostConfig.
+* @private
+* @returns The default host config that will be used for all qmfe api calls that do not include a HostConfig
+*/
+function getDefaultHostConfig$1() {
+	return getRegisteredHostConfig("default") || {};
+}
+function normalizeHostConfig$1(hostConfig) {
+	const suppliedHostConfigOrEmpty = hostConfig || emptyHostConfig;
+	const serializedHostConfigKey = serializeHostConfig$1(suppliedHostConfigOrEmpty);
+	let normalizedHostConfig = normalizedHostConfigs.get(serializedHostConfigKey);
+	if (!normalizedHostConfig) {
+		normalizedHostConfig = removeDefaults(resolveHostConfig(suppliedHostConfigOrEmpty));
+		normalizedHostConfigs.set(serializedHostConfigKey, normalizedHostConfig);
+	}
+	return normalizedHostConfig;
+}
+
+//#endregion
+//#region src/auth/internal/page-redirect-request-listeners.ts
+/**
+* A store containing all listener registries for different host configurations.
+*/
+const listenerRegistries$1 = /* @__PURE__ */ new Map();
+/**
+* Retrieves the listener registry for a given host configuration, creating one if it doesn't exist.
+*/
+function getRegistryForHostConfig(hostConfig) {
+	const key = serializeHostConfig$1(hostConfig);
+	let registry = listenerRegistries$1.get(key);
+	if (!registry) {
+		registry = {
+			redirectRequestedListeners: /* @__PURE__ */ new Set(),
+			redirectStartedListeners: /* @__PURE__ */ new Set()
+		};
+		listenerRegistries$1.set(key, registry);
+	}
+	return registry;
+}
+/**
+* Registers a listener for page redirects requested by auth modules.
+* @param hostConfig
+* @param listener
+* @returns
+*/
+function onPageRedirectRequested$1(hostConfig, listener) {
+	const registry = getRegistryForHostConfig(hostConfig);
+	registry.redirectRequestedListeners.add(listener);
+	return () => {
+		registry.redirectRequestedListeners.delete(listener);
+	};
+}
+function onPageRedirectStarted$1(hostConfig, listener) {
+	const registry = getRegistryForHostConfig(hostConfig);
+	registry.redirectStartedListeners.add(listener);
+	return () => {
+		registry.redirectStartedListeners.delete(listener);
+	};
+}
+function requestRedirect(hostConfig) {
+	const registry = getRegistryForHostConfig(hostConfig);
+	const hasRedirectListener = registry.redirectRequestedListeners.size > 0 || hostConfig.authRedirectUserConfirmation;
+	if (hostConfig.autoRedirect || !hasRedirectListener) return Promise.resolve();
+	if (typeof hostConfig.authRedirectUserConfirmation === "function") return hostConfig.authRedirectUserConfirmation().catch(() => {});
+	return new Promise((resolve) => {
+		const proceed = () => {
+			for (const startedListener of registry.redirectStartedListeners) try {
+				startedListener();
+			} catch (error) {
+				console.warn(error);
+			}
+			resolve();
+		};
+		for (const requestListener of registry.redirectRequestedListeners) try {
+			requestListener({ proceed });
+		} catch (error) {
+			console.warn(error);
+		}
+	});
 }
 
 //#endregion
 //#region src/utils/expose-internal-test-apis.ts
-const internalApisName = "__QLIK_INTERNAL__DO_NOT_USE_OR_YOU_WILL_BE_FIRED";
 function exposeInternalApiOnWindow(name, fn) {
 	if (globalThis.location?.origin.startsWith("https://localhost:") || globalThis.location?.origin?.endsWith("qlik-stage.com")) {
-		if (globalThis[internalApisName] === void 0) globalThis[internalApisName] = {};
-		globalThis[internalApisName][name] = fn;
+		if (globalThis.QlikMain) {
+			if (globalThis.QlikMain.INTERNAL__DO_NOT_USE.qix === void 0) globalThis.QlikMain.INTERNAL__DO_NOT_USE.qix = {};
+			globalThis.QlikMain.INTERNAL__DO_NOT_USE.qix[name] = fn;
+		}
 	}
 }
 
@@ -523,7 +683,7 @@ async function getOAuthTokensForBrowser(hostConfig) {
 	});
 	if (oauthTokens) return oauthTokens;
 	if (hostConfig.performInteractiveLogin) return new Promise(() => {});
-	if (hostConfig.authRedirectUserConfirmation) await hostConfig.authRedirectUserConfirmation();
+	await requestRedirect(hostConfig);
 	startFullPageLoginFlow(hostConfig);
 	return new Promise(() => {});
 }
@@ -969,12 +1129,12 @@ function shouldUseCachedResult(options, cacheEntry, defaultMaxCacheTime) {
 */
 function toCacheKey({ url, query, headers, serializedHostConfig }) {
 	let cacheKey = url;
-	if (query) {
+	if (query && Object.keys(query).length > 0) {
 		const queryString = encodeQueryParams(query);
 		if (url.includes("?")) cacheKey = cacheKey.concat(`&${queryString}`);
 		else cacheKey = cacheKey.concat(`?${queryString}`);
 	}
-	if (headers) cacheKey = cacheKey.concat(`+headers=${JSON.stringify(headers)}`);
+	if (headers && Object.keys(headers).length > 0) cacheKey = cacheKey.concat(`+headers=${JSON.stringify(headers)}`);
 	if (serializedHostConfig && serializedHostConfig !== "{}") cacheKey = cacheKey.concat(`+host-config=${serializedHostConfig}`);
 	return cacheKey;
 }
@@ -1194,7 +1354,7 @@ async function getInvokeFetchUrlParams({ method, pathTemplate, pathVariables, qu
 		...query,
 		...authQueryParams
 	}));
-	const serializedHostConfig = serializeHostConfig$1(options?.hostConfig);
+	const serializedHostConfig = serializeHostConfig(options?.hostConfig);
 	return {
 		completeUrl,
 		authHeaders,
@@ -1245,7 +1405,7 @@ function addPagingFunctions(api, { method, body, options, authHeaders, credentia
 	return value.then((resp) => {
 		const dataWithPotentialLinks = resp.data;
 		if (!dataWithPotentialLinks) return resp;
-		const serializedHostConfig = serializeHostConfig$1(options?.hostConfig);
+		const serializedHostConfig = serializeHostConfig(options?.hostConfig);
 		const prevUrl = dataWithPotentialLinks.links?.prev?.href;
 		const nextUrl = dataWithPotentialLinks.links?.next?.href;
 		if (prevUrl) resp.prev = (prevOptions) => invokeFetchWithUrl(api, {
@@ -1340,8 +1500,8 @@ const defaultUserAgent = "qmfe-api/latest";
 * @param api Name of api to call. Will be used for caching responses.
 * @param invokeFetchProps InvokeFetchProperties
 */
-async function invokeFetch(api, props, interceptors) {
-	const effectiveInterceptors = interceptors || getInterceptors();
+async function invokeFetch(api, props, interceptors$1) {
+	const effectiveInterceptors = interceptors$1 || getInterceptors();
 	const invokeFetchFinal = (reqeust) => invokeFetchIntercepted(api, reqeust);
 	return (effectiveInterceptors || []).reduce((proceed, interceptor) => (request) => interceptor(request, proceed), invokeFetchFinal)(props);
 }
@@ -1451,6 +1611,7 @@ const QLIK_CSRF_TOKEN = "qlik-csrf-token";
 function clearCsrfToken(hostConfig) {
 	const locationUrl = toValidLocationUrl(hostConfig);
 	delete csrfTokens[locationUrl];
+	clearApiCache("csrf-token");
 }
 /**
 * Fetches the CSRF token from the server. The token is cached and will be reused for subsequent calls.
@@ -1470,7 +1631,8 @@ async function getCsrfToken(hostConfig, noCache) {
 				pathTemplate,
 				options: {
 					hostConfig,
-					noCache: true
+					maxCacheAge: 5e3,
+					noCache
 				}
 			})).headers.get(QLIK_CSRF_TOKEN);
 			if (!csrfToken) return "";
@@ -1551,7 +1713,7 @@ async function handleAuthenticationError$7({ hostConfig, status }) {
 	};
 	const webIntegrationParam = hostConfig.webIntegrationId ? `qlik-web-integration-id=${hostConfig?.webIntegrationId}&` : "";
 	const locationUrl = toValidLocationUrl(hostConfig);
-	if (hostConfig.authRedirectUserConfirmation) await hostConfig.authRedirectUserConfirmation();
+	await requestRedirect(hostConfig);
 	globalThis.location.replace(`${locationUrl}/login?${webIntegrationParam}returnto=${encodeURIComponent(globalThis.location.href)}`);
 	return { preventDefault: true };
 }
@@ -1698,7 +1860,7 @@ async function handleAuthenticationError$4({ hostConfig }) {
 			clearStoredOauthTokens(hostConfig);
 			return { retry: true };
 		}
-		if (hostConfig.authRedirectUserConfirmation) await hostConfig.authRedirectUserConfirmation();
+		await requestRedirect(hostConfig);
 		startFullPageLoginFlow(hostConfig);
 		return { preventDefault: true };
 	}
@@ -1788,7 +1950,7 @@ async function getWebSocketAuthParams$2({ hostConfig }) {
 }
 async function handleAuthenticationError$2({ hostConfig }) {
 	if (hostConfig.loginUri) {
-		if (hostConfig.authRedirectUserConfirmation) await hostConfig.authRedirectUserConfirmation();
+		await requestRedirect(hostConfig);
 		globalThis.location.replace(hostConfig.loginUri.replace("{location}", encodeURIComponent(globalThis.location.href)));
 		return { preventDefault: true };
 	}
@@ -1826,15 +1988,15 @@ var windows_cookie_default = {
 //#region src/auth/internal/default-auth-modules/windows-cookie-node.ts
 const nodeCookieStore = /* @__PURE__ */ new Map();
 function clearCookieInStore(hostConfig) {
-	const key = serializeHostConfig$1(hostConfig);
+	const key = serializeHostConfig(hostConfig);
 	nodeCookieStore.delete(key);
 }
 function setCookieInStore(hostConfig, cookie) {
-	const key = serializeHostConfig$1(hostConfig);
+	const key = serializeHostConfig(hostConfig);
 	nodeCookieStore.set(key, cookie);
 }
 function getCookieInStore(hostConfig) {
-	const key = serializeHostConfig$1(hostConfig);
+	const key = serializeHostConfig(hostConfig);
 	return nodeCookieStore.get(key);
 }
 async function getCookie(hostConfig) {
@@ -1910,15 +2072,15 @@ let ongoingAuthModuleLoading = Promise.resolve();
 let authModulesRegistered = false;
 (function registerDefaultAuthModules() {
 	if (!authModulesRegistered) {
-		registerAuthModule("apikey", apikey_default);
-		registerAuthModule("cookie", cookie_default);
-		registerAuthModule("none", none_default);
-		registerAuthModule("noauth", noauth_default);
-		registerAuthModule("oauth2", oauth_default);
-		registerAuthModule("anonymous", anonymous_default);
-		if (isBrowser()) registerAuthModule("windowscookie", windows_cookie_default);
-		else registerAuthModule("windowscookie", windows_cookie_node_default);
-		registerAuthModule("reference", reference_default);
+		registerAuthModule$1("apikey", apikey_default);
+		registerAuthModule$1("cookie", cookie_default);
+		registerAuthModule$1("none", none_default);
+		registerAuthModule$1("noauth", noauth_default);
+		registerAuthModule$1("oauth2", oauth_default);
+		registerAuthModule$1("anonymous", anonymous_default);
+		if (isBrowser()) registerAuthModule$1("windowscookie", windows_cookie_default);
+		else registerAuthModule$1("windowscookie", windows_cookie_node_default);
+		registerAuthModule$1("reference", reference_default);
 		authModulesRegistered = true;
 	}
 })();
@@ -1927,7 +2089,7 @@ let authModulesRegistered = false;
 * @param name the name of the module
 * @param authModule the implementation of the AuthModule interface
 */
-function registerAuthModule(name, authModule) {
+function registerAuthModule$1(name, authModule) {
 	authModules[name.toLowerCase()] = authModule;
 }
 /**
@@ -1954,8 +2116,8 @@ function getRegisteredAuthModule(authType) {
 * @param hostConfig
 */
 async function getAuthModule(hostConfig) {
-	const hostConfigToUse = withResolvedHostConfig(hostConfig);
-	const authType = await determineAuthType(hostConfigToUse);
+	const hostConfigToUse = resolveHostConfig(hostConfig);
+	const authType = await determineAuthType$1(hostConfigToUse);
 	if (ongoingAuthModuleLoading) await ongoingAuthModuleLoading;
 	let authModule = getRegisteredAuthModule(authType);
 	if (!authModule) {
@@ -1965,7 +2127,7 @@ async function getAuthModule(hostConfig) {
 		*/
 		ongoingAuthModuleLoading = (async () => {
 			authModule = await resolveGloballyDefinedAuthModule(authType);
-			if (authModule) registerAuthModule(authType, authModule);
+			if (authModule) registerAuthModule$1(authType, authModule);
 		})();
 		await ongoingAuthModuleLoading;
 	}
@@ -2025,7 +2187,7 @@ function internalValidateHostConfig(hostConfig, { requiredProps, optionalProps }
 * Determines the authType associated with a HostConfig even if it's
 * not explicitly set.
 */
-async function determineAuthType(hostConfig) {
+async function determineAuthType$1(hostConfig) {
 	if (hostConfig.authType) return hostConfig.authType;
 	if (hostConfig.apiKey) return "apikey";
 	if (hostConfig.accessCode) return "anonymous";
@@ -2079,76 +2241,55 @@ var AuthorizationError = class extends Error {
 };
 
 //#endregion
-//#region src/auth/internal/host-config-functions.ts
+//#region src/auth/internal/fatal-auth-error-listeners.ts
+const listenerRegistries = /* @__PURE__ */ new Map();
+let lastErrorMessage = "";
+let lastHostConfig;
 /**
-* Returns a new host config with all default and falsy values removed.
-* @param hostConfig - The host config to fill with defaults
-* @returns
+* Retrieves the listener registry for a given host configuration, creating one if it doesn't exist.
 */
-function removeDefaults(hostConfig) {
-	const cleanedHostConfig = cleanFalsyValues(hostConfig) || {};
-	if (cleanedHostConfig.host) cleanedHostConfig.host = toValidLocationUrl(cleanedHostConfig);
-	if (isBrowser()) {
-		if (toValidLocationUrl(cleanedHostConfig) === window.location.origin) delete cleanedHostConfig.host;
+function getAuthErrorListenerRegistryForHostConfig(hostConfig) {
+	const key = serializeHostConfig$1(hostConfig);
+	let registry = listenerRegistries.get(key);
+	if (!registry) {
+		registry = { listeners: /* @__PURE__ */ new Set() };
+		listenerRegistries.set(key, registry);
 	}
-	if (cleanedHostConfig.authType && authTypesThatCanBeOmitted.includes(cleanedHostConfig.authType)) delete cleanedHostConfig.authType;
-	return cleanedHostConfig;
-}
-function globalReplacer(key, value) {
-	if (typeof value === "function") return;
-	return value;
-}
-/**
-* Serializes the provided hostConfig, if present, otherwise the default one.
-*/
-function serializeHostConfig(hostConfig) {
-	const sorted = sortKeys(removeDefaults(withResolvedHostConfig(hostConfig)));
-	return JSON.stringify(sorted, globalReplacer);
-}
-const registeredHostConfigs = /* @__PURE__ */ new Map();
-/**
-* Registers a host config with the given name.
-* @param name The name of the host config to be used to reference the host config later.
-* @param hostConfig The host config to register.
-*/
-function registerHostConfig(name, hostConfig) {
-	const reference = hostConfig?.reference || null;
-	if (reference && !registeredHostConfigs.has(reference)) throw new InvalidHostConfigError(`Host config with reference "${reference}" is not registered. Please register it before using it.`);
-	if (registeredHostConfigs.has(name)) console.warn(`registerHostConfig: Host config with name "${name}" is already registered. Overwriting.`);
-	registeredHostConfigs.set(name, hostConfig);
-}
-/**
-* Unregisters a host config with the given name.
-* @param name The name of the host config to unregister.
-*/
-function unregisterHostConfig(name) {
-	if (registeredHostConfigs.has(name)) registeredHostConfigs.delete(name);
-	else console.warn(`unregisterHostConfig: Host config with name "${name}" not found.`);
-}
-/**
-* Gets the host config with the given name.
-* @private
-* @param name The name of the host config to get.
-* @returns The host config, or undefined if not found.
-*/
-function getRegisteredHostConfig(name) {
-	return registeredHostConfigs.get(name);
-}
-/**
-* Sets the default host config that will be used for all api calls that do not include a HostConfig
-* @private
-* @param hostConfig the default HostConfig to use
-*/
-function setDefaultHostConfig(hostConfig) {
-	registerHostConfig("default", hostConfig || {});
+	return registry;
+}
+/**
+* Emits a fatal authentication error to all registered listeners plus to the onAuthFailed property in the hostConfig.
+* If there are no listeners or onAuthFailed callback, the error message is logged to the console.
+*/
+function emitFatalAuthError(hostConfig, normalizedError) {
+	if (hostConfig === lastHostConfig && normalizedError.message === lastErrorMessage) return;
+	lastHostConfig = hostConfig;
+	lastErrorMessage = normalizedError.message;
+	let someOneIsListening = false;
+	const registry = getAuthErrorListenerRegistryForHostConfig(hostConfig);
+	for (const listener of registry.listeners) try {
+		someOneIsListening = true;
+		listener(normalizedError);
+	} catch (listenerError) {
+		console.warn("Error in auth error listener", listenerError);
+	}
+	if (hostConfig.onAuthFailed) try {
+		someOneIsListening = true;
+		hostConfig.onAuthFailed(normalizedError);
+	} catch (callbackError) {
+		console.warn("Error in onAuthFailed callback", callbackError);
+	}
+	if (!someOneIsListening) console.error(normalizedError.message);
 }
 /**
-* Gets the default host config that will be used for all qmfe api calls that do not include a HostConfig.
-* @private
-* @returns The default host config that will be used for all qmfe api calls that do not include a HostConfig
+* Registers a listener for fatal auth errors. This means errors in the actual auth mechanism, i.e. misconfigurations etc.
 */
-function getDefaultHostConfig() {
-	return getRegisteredHostConfig("default") || {};
+function onFatalAuthError$1(hostConfig, callback) {
+	const registry = getAuthErrorListenerRegistryForHostConfig(hostConfig);
+	registry.listeners.add(callback);
+	return () => {
+		registry.listeners.delete(callback);
+	};
 }
 
 //#endregion
@@ -2157,22 +2298,14 @@ function getDefaultHostConfig() {
 * Set initial loggingOut value to false to make sure it has a value before any auth module is loaded
 */
 globalThis.loggingOut = false;
-let lastErrorMessage = "";
-/** Default error logger that simply prints the error unless it is identical to the last one (to prevent bloating of the console) */
-function logToConsole({ message }) {
-	if (message !== lastErrorMessage) {
-		lastErrorMessage = message;
-		console.error(message);
-	}
-}
 /**
 * Determines the authType associated with a HostConfig even if it's
 * not explicitly set.
 * @param hostConfig the HostConfig containing authentication details
 * @returns promise that resolvs with the determined authentication type
 */
-function determineAuthType$1(hostConfig) {
-	return determineAuthType(hostConfig);
+function determineAuthType(hostConfig) {
+	return determineAuthType$1(hostConfig);
 }
 /**
 * Determines if a host is cross origin or not
@@ -2181,7 +2314,7 @@ function determineAuthType$1(hostConfig) {
 */
 function isHostCrossOrigin(hostConfig) {
 	if (!globalThis.location?.origin) return true;
-	const hostConfigToUse = withResolvedHostConfig(hostConfig);
+	const hostConfigToUse = resolveHostConfig(hostConfig);
 	if (Object.keys(hostConfigToUse).length === 0) return false;
 	try {
 		return new URL(toValidLocationUrl(hostConfigToUse)).origin !== globalThis.location.origin;
@@ -2193,7 +2326,7 @@ function isHostCrossOrigin(hostConfig) {
 * @param hostConfig the HostConfig containing authentication details
 */
 async function isWindows(hostConfig) {
-	const hostConfigToUse = withResolvedHostConfig(hostConfig);
+	const hostConfigToUse = resolveHostConfig(hostConfig);
 	if (typeof hostConfigToUse.forceIsWindows === "boolean") return hostConfigToUse.forceIsWindows;
 	if (hostConfigToUse.host?.endsWith(".qlik-stage.com") || hostConfigToUse.host?.endsWith(".qlikcloud.com") || hostConfigToUse.host?.endsWith(".qlikcloudgov.com")) return false;
 	if (hostConfigToUse.authType === "cookie") return false;
@@ -2205,7 +2338,7 @@ async function isWindows(hostConfig) {
 * @param hostConfig the HostConfig containing authentication details
 */
 function toValidLocationUrl(hostConfig) {
-	const url = withResolvedHostConfig(hostConfig)?.host?.trim();
+	const url = resolveHostConfig(hostConfig)?.host?.trim();
 	let locationUrl;
 	if (!url) locationUrl = "";
 	else if (url.toLowerCase().startsWith("https://") || url.toLowerCase().startsWith("http://")) locationUrl = url;
@@ -2218,7 +2351,7 @@ function toValidLocationUrl(hostConfig) {
 * @param hostConfig the HostConfig containing authentication details
 */
 function toValidWebsocketLocationUrl(hostConfig) {
-	const url = withResolvedHostConfig(hostConfig)?.host;
+	const url = resolveHostConfig(hostConfig)?.host;
 	let locationUrl;
 	if (!url) locationUrl = globalThis.location.origin;
 	else if (url.toLowerCase().startsWith("https://") || url.toLowerCase().startsWith("http://")) locationUrl = url;
@@ -2231,14 +2364,14 @@ function toValidWebsocketLocationUrl(hostConfig) {
 * @param hostConfig the HostConfig containing authentication details
 */
 async function getWebSocketAuthParams(props) {
-	const hostConfigToUse = withResolvedHostConfig(props.hostConfig);
+	const hostConfigToUse = resolveHostConfig(props.hostConfig);
 	try {
 		return await (await getAuthModule(hostConfigToUse)).getWebSocketAuthParams({
 			...props,
 			hostConfig: hostConfigToUse
 		});
 	} catch (err) {
-		(hostConfigToUse.onAuthFailed || logToConsole)(normalizeAuthModuleError(err));
+		emitFatalAuthError(hostConfigToUse, normalizeAuthModuleError(err));
 		throw err;
 	}
 }
@@ -2248,14 +2381,14 @@ async function getWebSocketAuthParams(props) {
 * @param hostConfig the HostConfig containing authentication details
 */
 async function getWebResourceAuthParams(props) {
-	const hostConfigToUse = withResolvedHostConfig(props.hostConfig);
+	const hostConfigToUse = resolveHostConfig(props.hostConfig);
 	try {
 		return await (await getAuthModule(hostConfigToUse)).getWebResourceAuthParams?.({
 			...props,
 			hostConfig: hostConfigToUse
 		}) || { queryParams: {} };
 	} catch (err) {
-		(hostConfigToUse.onAuthFailed || logToConsole)(normalizeAuthModuleError(err));
+		emitFatalAuthError(hostConfigToUse, normalizeAuthModuleError(err));
 		throw err;
 	}
 }
@@ -2263,7 +2396,7 @@ async function getWebResourceAuthParams(props) {
 * Calls and return handleAuthenticationError on the authModule a host config is associated with.
 */
 async function handleAuthenticationError(props) {
-	const hostConfigToUse = withResolvedHostConfig(props.hostConfig);
+	const hostConfigToUse = resolveHostConfig(props.hostConfig);
 	const result$1 = await (await getAuthModule(hostConfigToUse)).handleAuthenticationError({
 		...props,
 		hostConfig: hostConfigToUse
@@ -2272,7 +2405,7 @@ async function handleAuthenticationError(props) {
 	const willHangUntilANewPageIsLoaded = result$1.preventDefault;
 	if (!willRetry && !willHangUntilANewPageIsLoaded) {
 		const { status, errorBody } = props;
-		(hostConfigToUse.onAuthFailed || logToConsole)(normalizeInbandAuthError({
+		emitFatalAuthError(hostConfigToUse, normalizeInbandAuthError({
 			status,
 			errorBody
 		}));
@@ -2285,14 +2418,14 @@ async function handleAuthenticationError(props) {
 * @param props.method the http method, which may affect what authentication are needed.
 */
 async function getRestCallAuthParams(props) {
-	const hostConfigToUse = withResolvedHostConfig(props.hostConfig);
+	const hostConfigToUse = resolveHostConfig(props.hostConfig);
 	try {
 		return await (await getAuthModule(hostConfigToUse)).getRestCallAuthParams({
 			...props,
 			hostConfig: hostConfigToUse
 		});
 	} catch (err) {
-		(hostConfigToUse.onAuthFailed || logToConsole)(normalizeAuthModuleError(err));
+		emitFatalAuthError(hostConfigToUse, normalizeAuthModuleError(err));
 		throw err;
 	}
 }
@@ -2314,48 +2447,54 @@ async function getAccessToken(props) {
 * @param name the name of the module
 * @param authModule the implementation of the AuthModule interface
 */
-function registerAuthModule$1(name, authModule) {
-	registerAuthModule(name, authModule);
+function registerAuthModule(name, authModule) {
+	registerAuthModule$1(name, authModule);
 }
 /**
 * Sets the default host config that will be used for all api calls that do not include a HostConfig
 * @param hostConfig the default HostConfig to use
 */
-function setDefaultHostConfig$1(hostConfig) {
-	setDefaultHostConfig(hostConfig);
+function setDefaultHostConfig(hostConfig) {
+	setDefaultHostConfig$1(hostConfig);
 }
 /**
 * Registers a host config with the given name.
 * @param name The name of the host config to be used to reference the host config later.
 * @param hostConfig The host config to register.
 */
-function registerHostConfig$1(name, hostConfig) {
-	registerHostConfig(name, hostConfig);
+function registerHostConfig(name, hostConfig) {
+	registerHostConfig$1(name, hostConfig);
 }
 /**
 * Unregisters a host config with the given name.
 * @param name The name of the host config to unregister.
 */
-function unregisterHostConfig$1(name) {
-	unregisterHostConfig(name);
+function unregisterHostConfig(name) {
+	unregisterHostConfig$1(name);
 }
 /**
 * Serializes the provided hostConfig, if present, otherwise the default one.
 */
-function serializeHostConfig$1(hostConfig) {
-	return serializeHostConfig(hostConfig);
+function serializeHostConfig(hostConfig) {
+	return serializeHostConfig$1(hostConfig);
 }
 /**
 * Throws errors if hostConfig is missing or missing properties on cross domain requests
 */
 function checkForCrossDomainRequest(hostConfig) {
-	const hostConfigToUse = withResolvedHostConfig(hostConfig);
+	const hostConfigToUse = resolveHostConfig(hostConfig);
 	if (isHostCrossOrigin(hostConfigToUse)) {
 		if (Object.keys(hostConfigToUse).length === 0) throw new InvalidHostConfigError("a host config must be provided when making a cross domain request");
 		if (!hostConfigToUse.host) throw new InvalidHostConfigError("A 'host' property must be set in host config when making a cross domain request");
 	}
 }
 /**
+* Returns a normalized host config that will always be the same instance when the serialized host config is the same.
+*/
+function normalizeHostConfig(hostConfig) {
+	return normalizeHostConfig$1(hostConfig);
+}
+/**
 * Logs out the user and sets `global.loggingOut` to true.
 * **NOTE**: Does not abort pending requests.
 */
@@ -2386,29 +2525,242 @@ function normalizeAuthModuleError(err) {
 	return { message: err.message || "Unknown error" };
 }
 /**
-* Returns a resolved host config. If the host config is a reference to a registered host config, it will be resolved
-* to the actual host config.
-* If the host config is undefined or empty, the default host config will be used.
-* If the host config is not a reference, it will be returned as is.
-* @private
+* Replaces the supplied host config according the following rules:
+* * If the host config is a reference to a registered host config, the registered host config will be used.
+* * If the host config is undefined or empty, the default host config will be returned.
+* * If the host config is not a reference and not empty or undefined, it will be returned as is.
+* * If the host config is empty or undefined an empty object (which represents the default cookie mode) is returned.
 * @param hostConfig - The host config to resolve
-* @returns
 */
-function withResolvedHostConfig(hostConfig) {
+function resolveHostConfig(hostConfig) {
 	if (hostConfig?.reference) {
 		const refConfig = getRegisteredHostConfig(hostConfig.reference);
 		if (!refConfig) throw new InvalidHostConfigError(`Host config with name "${hostConfig.reference}" not found.`);
 		return refConfig;
 	}
 	if (hostConfig && Object.keys(hostConfig).length > 0) return hostConfig;
-	return getDefaultHostConfig();
+	return getDefaultHostConfig$1();
 }
 /**
 * Returns the default host config that is used for all qmfe api calls that do not include a host config
 */
-function getDefaultHostConfig$1() {
-	return getDefaultHostConfig();
+function getDefaultHostConfig() {
+	return getDefaultHostConfig$1();
+}
+/**
+* Registers a callback to be invoked when a fatal authentication error occurs for the provided hostConfig.
+* @param callback The callback function to register
+* @returns A function to unregister the callback
+*/
+function onFatalAuthError(hostConfig, callback) {
+	return onFatalAuthError$1(hostConfig, callback);
+}
+/**
+* Registers a listener for page redirect requested by the auth module that is handling authentication for the provided host configuration.
+* This is typically used when embedded to let the end user explicitly approve a redirect by for instance clicking an "authorize" button. The user can then decide to leave that UI unauthorized
+* and stay on the page.
+* The listener is provided a `proceed` function that if called continues the redirect process. Before actually redirecting the page, the onPageRedirectStarted listeners are called.
+* Note that if more than one listener is registered, it still takes just one proceed call to continue the redirect process so it can not be used to block the redirect.
+*/
+function onPageRedirectRequested(hostConfig, listener) {
+	return onPageRedirectRequested$1(hostConfig, listener);
+}
+/**
+* Registers a listener that will be called when a page redirect is started by the auth module that is handling authentication for the provided host configuration.
+*/
+function onPageRedirectStarted(hostConfig, listener) {
+	return onPageRedirectStarted$1(hostConfig, listener);
+}
+
+//#endregion
+//#region src/interceptors/boot-interceptors.ts
+/**
+* @internal
+* The paths expected in the from core-init BFF response.
+* Exposed for testing.
+*/
+const coreBootPaths = new Set([
+	"/api/v1/brands/active",
+	"/api/v1/claims/me",
+	"/api/v1/licenses/allotments",
+	"/api/v1/licenses/allotments/me",
+	"/api/v1/licenses/number",
+	"/api/v1/licenses/status",
+	"/api/v1/tenants/me",
+	"/api/v1/users/me",
+	"/api/v1/user-locale"
+]);
+/**
+* @internal
+* The path of the core-init BFF response.
+* Exposed for testing.
+*/
+const coreBootEndpoint = "/api/v1/boot/core-init";
+let coreBootPromises = {};
+let enableDespiteNode = false;
+function interceptorEnabled() {
+	return !isNode() || enableDespiteNode;
+}
+/**
+* An interceptor that populates the cache from the response of a _backend
+* for frontend_ endpoint. This endpoint contains the response of the most common
+* initial calls, mainly from **qmfe-core**.
+*
+* If the interceptor finds a matching call it runs once and then removes itself after
+* populating the cache causing the original request (and following ones) to hit the cache instead.
+*
+* The endpoint is implemented in the _customizations_ service and should
+* contain the responses of the requests specified in 'coreBootPaths'.
+*/
+const coreBootInterceptor = async (request, proceed) => {
+	if (!interceptorEnabled()) return proceed(request);
+	if (request.pathTemplate !== "/api/v1/features" && !coreBootPaths.has(request.pathTemplate)) return proceed(request);
+	const hostConfig = request.options?.hostConfig;
+	if (hostConfig?.authType === "noauth" || await isWindows(hostConfig) || (await getPlatform({ hostConfig })).isCloudConsole) return proceed(request);
+	const serializedHostConfig = serializeHostConfig$1(request.options?.hostConfig);
+	coreBootPromises[serializedHostConfig] ??= callCoreBootAndFillCache(hostConfig, serializedHostConfig);
+	if (request.pathTemplate !== "/api/v1/features") await coreBootPromises[serializedHostConfig];
+	return proceed(request);
+};
+async function callCoreBootAndFillCache(hostConfig, serializedHostConfig) {
+	const bootRequest = {
+		method: "GET",
+		pathTemplate: coreBootEndpoint,
+		options: { hostConfig }
+	};
+	try {
+		const bootResponse = await invokeFetch(".global", bootRequest);
+		const locationUrl = toValidLocationUrl(hostConfig);
+		populateCacheFrom(bootResponse.data, coreBootPaths, serializedHostConfig, locationUrl);
+	} catch (e) {
+		console.error("Failed to bootstrap core-info:", e);
+	}
+}
+function populateCacheFrom(responses, pathsToInclude, serializedHostConfig, locationUrl) {
+	if (!responses) return;
+	for (const res of responses) {
+		if (!pathsToInclude.has(res.path)) continue;
+		const completeUrl = locationUrl + res.path;
+		const { status, method, data } = res;
+		if (typeof data === "undefined") continue;
+		if (status && (status < 200 || status >= 300)) continue;
+		const response = Promise.resolve({
+			status: status || 200,
+			data
+		});
+		const cacheKey = toCacheKey({
+			url: completeUrl,
+			serializedHostConfig
+		});
+		updateCache(globalCacheNamespace, {
+			method: method || "GET",
+			completeUrl,
+			cacheKey
+		}, response);
+	}
 }
 
 //#endregion
-export { getPlatform as A, invokeFetch as C, InvokeFetchError as D, EncodingError as E, exposeInternalApiOnWindow as O, clearApiCache as S, appendQueryToUrl as T, unregisterHostConfig$1 as _, getWebResourceAuthParams as a, InvalidHostConfigError as b, isHostCrossOrigin as c, registerAuthModule$1 as d, registerHostConfig$1 as f, toValidWebsocketLocationUrl as g, toValidLocationUrl as h, getRestCallAuthParams as i, generateRandomString as k, isWindows as l, setDefaultHostConfig$1 as m, getAccessToken as n, getWebSocketAuthParams as o, serializeHostConfig$1 as p, getDefaultHostConfig$1 as r, handleAuthenticationError as s, determineAuthType$1 as t, logout as u, AuthorizationError as v, parseFetchResponse as w, UnexpectedAuthTypeError as x, InvalidAuthTypeError as y };
+//#region src/interceptors/interceptors.ts
+let GLOBAL_INTERCEPTORS;
+function createInterceptors() {
+	const interceptors$1 = [...GLOBAL_INTERCEPTORS?.getInterceptors() || []];
+	return {
+		addInterceptor: (interceptor) => {
+			interceptors$1.push(interceptor);
+			return interceptor;
+		},
+		removeInterceptor: (interceptor) => {
+			const index = interceptors$1.indexOf(interceptor);
+			let removed;
+			if (index !== -1) removed = interceptors$1.splice(index, 1)[0];
+			return removed || null;
+		},
+		getInterceptors: () => interceptors$1
+	};
+}
+let addDefaultInterceptorsRun = false;
+function addDefaultInterceptors() {
+	if (addDefaultInterceptorsRun) return;
+	if (isBrowser()) {
+		const readFlagsFromUrlQuery = () => {
+			const featuresParam = new URLSearchParams(window.location.search).get("features");
+			if (!featuresParam) return {};
+			return featuresParam.split(",").map((item) => item.trim()).reduce((map, obj) => {
+				const value = !obj.startsWith("!");
+				const key = value ? obj : obj.substring(1);
+				map[key] = value;
+				return map;
+			}, {});
+		};
+		const readFlagsFromLocalStorage = () => {
+			try {
+				const featuresParam = localStorage.getItem("qcs-features");
+				if (featuresParam) return JSON.parse(featuresParam);
+				return {};
+			} catch {
+				return {};
+			}
+		};
+		const flagsFromUrl = readFlagsFromUrlQuery();
+		const flagsFromLocalStorage = readFlagsFromLocalStorage();
+		const featuresInterceptor = async (request, proceed) => {
+			let resultPromise;
+			if (request.pathTemplate === "/api/v1/features") {
+				resultPromise = proceed(request);
+				const result$1 = await resultPromise;
+				return {
+					...result$1,
+					data: {
+						...result$1.data || {},
+						...flagsFromLocalStorage,
+						...flagsFromUrl
+					}
+				};
+			}
+			return proceed(request);
+		};
+		GLOBAL_INTERCEPTORS.addInterceptor(featuresInterceptor);
+		GLOBAL_INTERCEPTORS.addInterceptor(coreBootInterceptor);
+	}
+	addDefaultInterceptorsRun = true;
+}
+/**
+* The global interceptor stack
+*/
+GLOBAL_INTERCEPTORS = createInterceptors();
+/**
+* Adds an interceptor to the global interceptor stack
+* Returns the newly added interceptor
+* @param interceptor the interceptor to add
+* @returns the newly added interceptor
+*/
+function addInterceptor(interceptor) {
+	return GLOBAL_INTERCEPTORS.addInterceptor(interceptor);
+}
+/**
+* Removes an interceptor from the global interceptor stack
+* @param interceptor the interceptor remove
+*/
+function removeInterceptor(interceptor) {
+	return GLOBAL_INTERCEPTORS.removeInterceptor(interceptor);
+}
+/**
+* Gets all registered interceptors
+*/
+function getInterceptors() {
+	return GLOBAL_INTERCEPTORS.getInterceptors();
+}
+/**
+* The interceptors API
+*/
+const interceptors = {
+	addInterceptor,
+	removeInterceptor,
+	getInterceptors,
+	createInterceptors
+};
+var interceptors_default = interceptors;
+
+//#endregion
+export { InvalidHostConfigError as A, getPlatform as B, serializeHostConfig as C, unregisterHostConfig as D, toValidWebsocketLocationUrl as E, appendQueryToUrl as F, EncodingError as I, InvokeFetchError as L, clearApiCache as M, invokeFetch as N, AuthorizationError as O, parseFetchResponse as P, exposeInternalApiOnWindow as R, registerHostConfig as S, toValidLocationUrl as T, normalizeHostConfig as _, interceptors_default as a, onPageRedirectStarted as b, getAccessToken as c, getWebResourceAuthParams as d, getWebSocketAuthParams as f, logout as g, isWindows as h, getInterceptors as i, UnexpectedAuthTypeError as j, InvalidAuthTypeError as k, getDefaultHostConfig as l, isHostCrossOrigin as m, addInterceptor as n, removeInterceptor as o, handleAuthenticationError as p, createInterceptors as r, determineAuthType as s, addDefaultInterceptors as t, getRestCallAuthParams as u, onFatalAuthError as v, setDefaultHostConfig as w, registerAuthModule as x, onPageRedirectRequested as y, generateRandomString as z };