fix: PR changes

supertokens · Jun 28, 2024 · 49370d9 · 49370d9
1 parent 2a8264a
commit 49370d9
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 13 deletions.
diff --git a/bundle/bundle.js b/bundle/bundle.js
diff --git a/lib/build/fetch.js b/lib/build/fetch.js
diff --git a/lib/build/xmlhttprequest.js b/lib/build/xmlhttprequest.js
diff --git a/lib/ts/axios.ts b/lib/ts/axios.ts
@@ -599,9 +599,10 @@ async function saveTokensFromHeaders(response: AxiosResponse) {
 
     const antiCsrfToken = response.headers["anti-csrf"];
     if (antiCsrfToken !== undefined) {
-        // Call getLocalSessionState with tryRefresh: false as the session was just refreshed.
-        // If the local session doesn't exist, it means we failed to write to cookies.
-        // Using tryRefresh: true would cause an infinite refresh loop.
+        // At this point, the session has either been newly created or refreshed.
+        // Thus, there's no need to call getLocalSessionState with tryRefresh: true.
+        // Calling getLocalSessionState with tryRefresh: true will cause a refresh loop
+        // if cookie writes are disabled.
         const tok = await getLocalSessionState(false);
         if (tok.status === "EXISTS") {
             logDebugMessage("doRequest: Setting anti-csrf token");

diff --git a/lib/ts/fetch.ts b/lib/ts/fetch.ts
@@ -677,7 +677,7 @@ export async function getLocalSessionState(tryRefresh: boolean): Promise<LocalSe
             // session refresh may work but other SDK functionalities won't work as expected.
             // Therefore, we throw an error here instead of retrying.
             if (!frontTokenExists || lastAccessTokenUpdate === undefined) {
-                const errorMessage = `Failed to retrieve local session state from cookies after a successful session refresh. This indicates a configuration error or that the browser is preventing cookie writes (e.g., incognito mode).`;
+                const errorMessage = `Failed to retrieve local session state from cookies after a successful session refresh. This indicates a configuration error or that the browser is preventing cookie writes.`;
                 console.error(errorMessage);
                 throw new Error(errorMessage);
             }
@@ -813,9 +813,10 @@ async function saveTokensFromHeaders(response: Response) {
     }
     const antiCsrfToken = response.headers.get("anti-csrf");
     if (antiCsrfToken !== null) {
-        // Call getLocalSessionState with tryRefresh: false as the session was just refreshed.
-        // If the local session doesn't exist, it means we failed to write to cookies.
-        // Using tryRefresh: true would cause an infinite refresh loop.
+        // At this point, the session has either been newly created or refreshed.
+        // Thus, there's no need to call getLocalSessionState with tryRefresh: true.
+        // Calling getLocalSessionState with tryRefresh: true will cause a refresh loop
+        // if cookie writes are disabled.
         const tok = await getLocalSessionState(false);
         if (tok.status === "EXISTS") {
             logDebugMessage("saveTokensFromHeaders: Setting anti-csrf token");
@@ -840,7 +841,7 @@ export async function saveLastAccessTokenUpdate() {
 
     if (successfullySavedToCookies === false) {
         console.warn(
-            "Saving to cookies was not successful, this indicates a configuration error or the browser preventing us from writing the cookies (e.g.: incognito mode)."
+            "Saving to cookies was not successful, this indicates a configuration error or the browser preventing us from writing the cookies."
         );
     }
 

diff --git a/lib/ts/xmlhttprequest.ts b/lib/ts/xmlhttprequest.ts
@@ -70,6 +70,7 @@ export function addInterceptorsToXMLHttpRequest() {
         function delayIfNecessary(cb: () => void | Promise<void>) {
             delayedQueue = delayedQueue.finally(() =>
                 cb()?.catch(err => {
+                    // Call the onerror handler to ensure XHR throws this error.
                     const ev = new ProgressEvent("error");
                     (ev as any).error = err;
                     if (self.onerror !== undefined && self.onerror !== null) {
@@ -649,7 +650,11 @@ async function saveTokensFromHeaders(headers: Headers) {
 
     const antiCsrfToken = headers.get("anti-csrf");
     if (antiCsrfToken !== null) {
-        const tok = await getLocalSessionState(true);
+        // At this point, the session has either been newly created or refreshed.
+        // Thus, there's no need to call getLocalSessionState with tryRefresh: true.
+        // Calling getLocalSessionState with tryRefresh: true will cause a refresh loop
+        // if cookie writes are disabled.
+        const tok = await getLocalSessionState(false);
         if (tok.status === "EXISTS") {
             logDebugMessage("saveTokensFromHeaders: Setting anti-csrf token");
             await AntiCsrfToken.setItem(tok.lastAccessTokenUpdate, antiCsrfToken);