This is an automated email from the ASF dual-hosted git repository.

Yicong-Huang pushed a commit to branch release/v1.2
in repository https://gitbox.apache.org/repos/asf/texera.git


The following commit(s) were added to refs/heads/release/v1.2 by this push:
     new 1000d760ab fix(frontend): exclude /api/config/pre-login from JwtModule (#5408)
1000d760ab is described below

commit 1000d760abefc7409afaf7c11b32718f7a29023e
Author: Yicong Huang <[email protected]>
AuthorDate: Sat Jun 6 23:08:04 2026 +0000

    fix(frontend): exclude /api/config/pre-login from JwtModule (#5408)
    
    ### What changes were proposed in this PR?
    
    Adds `api/config/pre-login` to `JwtModule.forRoot`'s `disallowedRoutes`
    so the anonymous pre-login config fetch is no longer auto-attached with
    `Authorization: Bearer …`. Before this change a stored JWT whose
    signature can't be verified server-side (key rotation, manual tampering,
    cross-deployment bleed) would make the eager `JwtAuthFilter` return 401
    to the pre-login request, leaving `GuiConfigService` in an unrecoverable
    error state and the login form blank until a manual reload.
    
    ### Any related issues, documentation, discussions?
    
    Closes #5407. Companion to #5404 — without this change, the eager filter
    introduced there exposes the regression described above.
    
    ### How was this PR tested?
    
    Manually tested in the browser against #5404's backend with a forged JWT
    in localStorage; confirmed `/api/config/pre-login` no longer carries
    `Authorization` and the login form renders without a manual reload.
    
    ### Was this PR authored or co-authored using generative AI tooling?
    
    (backported from commit 65aca57507a51582da6b264d27aa5984ef727904)
    
    Generated-by: Claude Code (Opus 4.7)
---
 frontend/src/app/app.module.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/app/app.module.ts b/frontend/src/app/app.module.ts
index 485b3c2e4a..511395365d 100644
--- a/frontend/src/app/app.module.ts
+++ b/frontend/src/app/app.module.ts
@@ -206,7 +206,7 @@ registerLocaleData(en);
         tokenGetter: AuthService.getAccessToken,
         skipWhenExpired: true,
         throwNoTokenError: false,
-        disallowedRoutes: ["forum/api/users"],
+        disallowedRoutes: ["forum/api/users", "api/config/pre-login"],
       },
     }),
     BrowserAnimationsModule,
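
Review bot: The new `disallowedRoutes` entry on the `+` line carries no comment saying why `api/config/pre-login` must stay unauthenticated, and the commit message describes only a manual browser test for it. Consider a short comment above the array noting that the pre-login config fetch is anonymous and that a stored token the server cannot verify otherwise gets a 401 from the eager filter, so a later cleanup does not drop the entry. A regression test that places a token in storage, requests the pre-login config and asserts that no `Authorization` header is attached would keep the fix from silently regressing. It is also worth confirming that the entry, written without a leading slash like the existing `forum/api/users`, matches the URL the config service actually requests, since the hunk does not show how these strings are compared against the request.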
