diff --git a/src/app/core/xsrf/xsrf-fallback.interceptor.spec.ts b/src/app/core/xsrf/xsrf-fallback.interceptor.spec.ts index 2bc81025ac..2c81b8ba53 100644 --- a/src/app/core/xsrf/xsrf-fallback.interceptor.spec.ts +++ b/src/app/core/xsrf/xsrf-fallback.interceptor.spec.ts @@ -45,18 +45,6 @@ describe('XsrfFallbackInterceptor', () => { httpMock.verify() }) - it('passes through without adding header when production is true', () => { - const env = (window as any).runtimeEnvironment - env.production = true - cookieGetSpy.and.returnValue('xsrf-token-123') - - http.post(apiBase + 'works/work.json', {}).subscribe() - - const req = httpMock.expectOne(apiBase + 'works/work.json') - expect(req.request.headers.has('x-xsrf-token')).toBe(false) - req.flush({}) - env.production = false - }) it('passes through GET requests without adding header', () => { http.get(apiBase + 'works/works.json').subscribe() diff --git a/src/app/core/xsrf/xsrf-fallback.interceptor.ts b/src/app/core/xsrf/xsrf-fallback.interceptor.ts index 27c0bf46a6..0015e92fcd 100644 --- a/src/app/core/xsrf/xsrf-fallback.interceptor.ts +++ b/src/app/core/xsrf/xsrf-fallback.interceptor.ts @@ -17,8 +17,6 @@ declare const runtimeEnvironment: any * support (configured via withXsrfConfiguration) does not attach the header, * especially when using the local proxy setup. * - * Only active when not in production (local development runs). - * * Behaviour: * - For mutating backend calls (POST/PUT/PATCH/DELETE) to ORCID web APIs: * - If an XSRF header is already present, do nothing. @@ -34,11 +32,6 @@ export class XsrfFallbackInterceptor implements HttpInterceptor { req: HttpRequest, next: HttpHandler ): Observable> { - // Only apply fallback in local development (e.g. proxy / same-origin dev) - if (runtimeEnvironment.production) { - return next.handle(req) - } - const method = (req.method ?? '').toUpperCase() // Only care about mutating requests