Added response interceptor to handle 403 errors caused by expired or invalid CSRF tokens.

When a mutation fails with 403, the interceptor:

1. Detects if error is CSRF-related (checks error message for csrf/token/forbidden)
2. Refreshes the CSRF token via csrfService.ensureToken()
3. Updates request headers with new token
4. Retries the request once

Features:

- Only retries once per request (via _csrfRetry flag)
- Skips retry for /csrf-token and /auth/* endpoints
- Logs all CSRF refresh attempts for debugging
- Falls through to original error if refresh fails
- Handles both error.error and error.message formats

TypeScript fixes:

- Cast originalRequest to any for _csrfRetry property
- Safely access error data with type checking

Impact: Eliminates 403 errors on POST/PUT/DELETE when CSRF token expires. Users no longer need to manually refresh page to get new CSRF token.

Fixes: P1.3 from audit AUDIT_TEMP_29_01_2026.md
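The retry flow the commit message describes, written out as an added TypeScript example that is not the commit's own code. Only `csrfService.ensureToken()` and the `_csrfRetry` flag come from the message; the `X-CSRF-Token` header name, the `Deps` shape and the function names are assumptions, and the HTTP client is injected so the logic runs without a network.

```typescript
// Added example. Hypothetical names: Req, HttpError, Deps, CSRF_HEADER, onResponseError.
interface Req { url: string; method: string; headers: Record<string, string>; _csrfRetry?: boolean }
interface HttpError { status: number; data?: unknown; config: Req }
interface Deps {
  ensureToken: () => Promise<string>;   // stands in for csrfService.ensureToken()
  send: (req: Req) => Promise<unknown>; // re-dispatches a request through the HTTP client
  log: (msg: string) => void;
}

const CSRF_HEADER = "X-CSRF-Token"; // assumed header name, not stated in the commit
// Never retry the token endpoint itself or /auth/* (avoids refresh loops).
const SKIP = [/\/csrf-token(\?|$)/, /\/auth\//];

// Read the server message from either { error: "..." } or { message: "..." }.
function errorText(data: unknown): string {
  if (typeof data === "string") return data;
  if (data !== null && typeof data === "object") {
    const d = data as Record<string, unknown>;
    const v = d["error"] ?? d["message"];
    return typeof v === "string" ? v : "";
  }
  return "";
}

// True only for a first-time 403 whose body looks CSRF-related.
function isCsrfFailure(err: HttpError): boolean {
  if (err.status !== 403 || err.config._csrfRetry) return false;
  if (SKIP.some((re) => re.test(err.config.url))) return false;
  return /csrf|token|forbidden/i.test(errorText(err.data));
}

async function onResponseError(err: HttpError, deps: Deps): Promise<unknown> {
  if (!isCsrfFailure(err)) throw err; // not ours: surface the original error
  deps.log(`CSRF refresh for ${err.config.method} ${err.config.url}`);
  let token: string;
  try {
    token = await deps.ensureToken();
  } catch {
    deps.log("CSRF refresh failed; surfacing original 403");
    throw err; // fall through to the original error, not the refresh error
  }
  // Copy the request, attach the fresh token, and mark it so it is retried once only.
  const headers = { ...err.config.headers, [CSRF_HEADER]: token };
  return deps.send({ ...err.config, headers, _csrfRetry: true });
}
```
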