config: inject Bearer token on config.fetch#2520
Merged
Merged
Conversation
REST helpers that call config.fetch directly, rather than going through the rest<T>() wrapper, sent no Authorization header. Under Module Federation v2 the Cloud UI host hands Console the access token via config.jwt instead of a pre-authenticated fetch, so those requests went out unauthenticated. Wrap the base fetch so every config.fetch call attaches the same Bearer token the gRPC interceptor uses. The token is read lazily so in-place host refreshes are picked up, and an Authorization header already set by a legacy host-provided (V1) fetch is left untouched.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
REST helpers that call config.fetch directly,
rather than going through the rest() wrapper,
sent no Authorization header. Under Module
Federation v2 the Cloud UI host hands Console the
access token via config.jwt instead of a
pre-authenticated fetch, so those requests went
out unauthenticated.
Wrap the base fetch so every config.fetch call
attaches the same Bearer token the gRPC
interceptor uses. The token is read lazily so
in-place host refreshes are picked up, and an
Authorization header already set by a legacy
host-provided (V1) fetch is left untouched.