With beta 9 everything was working fine, but with beta 10 I now get:

```
Failed to construct 'URL': Invalid URL
```

URL example: `/api/v1/system/mode` (same server)

```typescript
// Entry in the @NgModule imports array
JwtModule.forRoot({
  config: {
    tokenGetter: tokenGetter,
    whitelistedDomains: ['localhost']
  }
}),

export function tokenGetter() {
  return localStorage.getItem(Configuration.AUTH_TOKEN_ID);
}
```
This issue is caused by the changes to src/jwt.interceptor.ts in pull request #438:

```typescript
const requestUrl = new URL(request.url);
```

will not accept relative URLs. It has to be `new URL(relative, base)` or `new URL(full-url)`.
+1
I have the same error. Beta 9 works.
same issue
Any word on this? Did you find any workarounds @DaveXCS? I have an interceptor that makes it a full URL, but unfortunately it looks like the JWT interceptor is first in the chain and I don't seem to be able to change it so my interceptor is first.
same issue
The current workaround is to use a full URL or use beta 9.
The author of the pull request has the opinion that a crashing or non-working application is better than an unsafe application.
I would personally prefer to make it safe and working, but it seems they have a different understanding about that :-)
@DaveXCS Unfortunately, I can't get it working. Maybe it's an issue because I'm using the Ionic Framework (3.9.2)? At the moment, I'm doing this:

```typescript
whitelistedDomains: [new URL('http://localhost:1337'), new URL('https://api.myurl.com')]
```

But I get the same error: `TypeError: Failed to construct 'URL': Invalid URL`

With beta.9 it was:

```typescript
whitelistedDomains: ['localhost:1337', 'api.myurl.com']
```
The problem is not the URL of the whitelisted domains. The problem occurs if you send any request with the Angular http service, e.g.:

```typescript
this.http.get('/api/values', httpOptions)
```

will not work, but

```typescript
this.http.get('http://localhost:3030/app/api/values', httpOptions)
```

will work.

Beta 9 had a try/catch around `const requestUrl = new URL(request.url);`
So in the case of a relative URL the error 'Invalid URL' was caught with an empty catch block.
In beta 10 they removed the try/catch and now relative URL requests are no longer working (which is the default in most applications).

Beta 9:

```typescript
isWhitelistedDomain(request: HttpRequest<any>): boolean {
  let requestUrl: URL;
  try {
    // Throws for relative URLs because no base is supplied
    requestUrl = new URL(request.url);
    return (
      this.whitelistedDomains.findIndex(
        domain =>
          typeof domain === 'string'
            ? domain === requestUrl.host
            : domain instanceof RegExp ? domain.test(requestUrl.host) : false
      ) > -1
    );
  } catch (err) {
    // if we're here, the request is made
    // to the same domain as the Angular app
    // so it's safe to proceed!!!
    return true;
  }
}
```

The second option is not to use this http interceptor at all and manually add the token in every request (add "Authentication: Bearer token" to the header in the http options).
That's very interesting since I'm totally sure I just use full URLs in all of my requests.
At the point the interceptors are called, how do you ever know the full path?
I want an application to be able to work on dev, test, prod servers and domain names might change so I never want any specific domain hard coded. I suppose I need to make a non-intercepted request first to get the baseUrl of the deployment and then use that?
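You could do something here like: if request.url starts with '/' (or a regex expression) and the whitelisted domains contain 'localhost', return true, so you don't need the full URL.
By the way, you can write your own interceptor instead of the angular-jwt interceptor, something like this:

```typescript
import { Injectable } from '@angular/core';
import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
import { Observable } from 'rxjs';
// AuthService is the application's own service exposing getToken()

@Injectable()
export class TokenInterceptor implements HttpInterceptor {
  constructor(public auth: AuthService) {}

  // Clones every outgoing request and sets the Authorization header on it
  // (no domain check is applied here)
  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    request = request.clone({
      setHeaders: {
        Authorization: `Bearer ${this.auth.getToken()}`
      }
    });
    return next.handle(request);
  }
}
```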
There are also cases where it's impossible to know the full URL in advance (the final prod host name is unknown at development time). I think the library has to allow for relative URLs.
Could we just replace the creation of the URL with this:

```typescript
var requestUrl = new URL(request.url, /^https?:\/\//i.test(request.url) ? undefined : window.location.href)
```

In the meantime, open the file jwt.interceptor.js in the node_module and replace the faulty line with what I proposed, and it should work.
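
Added example (not code from this thread or from angular2-jwt): resolving the request URL against a base before the whitelist check lets relative URLs parse while the check still runs on the resolved host, and a protocol-relative URL shows why treating a parse failure as same-origin is unsafe. `BASE`, `WHITELIST`, the `*.example.test` hosts and all function names are assumptions; `baseHref` stands in for `window.location.href`.

```typescript
type Domain = string | RegExp;

// Hypothetical helper: resolve against a base so relative URLs parse, and
// return the host the browser would actually contact (null = fail closed).
function resolveHost(requestUrl: string, baseHref: string): string | null {
  try {
    const u = new URL(requestUrl, baseHref); // absolute URLs ignore the base
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.host : null;
  } catch (err) {
    return null;
  }
}

function matches(host: string, domains: Domain[]): boolean {
  return domains.some(d => (typeof d === 'string' ? d === host : d.test(host)));
}

// Whitelist check on the resolved host: no token unless the host matches.
function isWhitelistedDomain(requestUrl: string, domains: Domain[], baseHref: string): boolean {
  const host = resolveHost(requestUrl, baseHref);
  return host !== null && matches(host, domains);
}

// The beta 9 decision quoted in the thread, reduced to its logic:
// any URL that fails to parse without a base is treated as same-origin.
function beta9Decision(requestUrl: string, domains: Domain[]): boolean {
  try {
    return matches(new URL(requestUrl).host, domains);
  } catch (err) {
    return true;
  }
}

// Constructed sample data (not from the thread's applications).
const BASE = 'http://localhost:4200/app/';
const WHITELIST: Domain[] = ['localhost:4200', /^api\.example\.test$/];
const SAMPLES: string[] = [
  '/api/v1/system/mode',             // relative, same origin
  './assets/i18n/en.json',           // relative, same origin
  'https://api.example.test/values', // absolute, whitelisted
  '//other.example.test/collect',    // protocol-relative, different host
];

// Side-by-side decisions: would the token be attached?
function compare(): { url: string; resolved: boolean; beta9: boolean }[] {
  return SAMPLES.map(url => ({
    url,
    resolved: isWhitelistedDomain(url, WHITELIST, BASE),
    beta9: beta9Decision(url, WHITELIST),
  }));
}

console.log(compare());
```

The last sample is the case that differs: it fails to parse without a base, so the beta 9 logic approves it, while the resolved host `other.example.test` is not on the whitelist.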

Same issue here.
Sample URL: "./assets/i18n/en.json"
Why hasn't this been addressed before the final release?
@Sambaja we are using this library under {N}ativeScript on iOS / Android. I'd prefer the fix in #489 if possible.
Hi everybody,
I was dealing with exactly the same issue after updating to 1.0.0, even if I was already using absolute URLs in all of my requests. After investigating, I realized that the problem was coming from the custom factory of the translation package TranslateModule.
```typescript
export function TranslateFactory(http: HttpClient): TranslateHttpLoader {
  return new TranslateHttpLoader(http, './assets/i18n/', '.json');
}
```

And this is how I fixed it.

```typescript
export function TranslateFactory(http: HttpClient): TranslateHttpLoader {
  return new TranslateHttpLoader(http, location.origin + '/assets/i18n/', '.json');
}
```
Hope this will be helpful!
That's right. It's a very good solution for the moment. Thank you so much!!
Same issue :(
Meanwhile I had to do a downgrade to 1.0.0-beta.9 version.
The workaround with location.origin works perfectly fine... Still, it should only whitelist URIs with a domain, and not throw errors with any other URIs.
Same problem with release 1.0.0 :(
Same problem with release 1.0.0
Can confirm, same problem with release 1.0.0 :(
plz fix it, reverting to beta 9.
Same issue here, reverting to beta 9 :/
Same issue, fallback to beta.9 did work as a charm
This should be fixed with the release of 1.1.0.
Confirmed. Solved with 1.1.0.
Thanks! Will upvote as soon as I sign in to GitHub!
On 16 Mar 2018 5:59 PM, "Anibal Sanchez" notifications@github.com wrote:
> Confirmed. Solved with 1.1.0.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇♂️