From 112846d265dc072d0623aac4225d9068c43b79a7 Mon Sep 17 00:00:00 2001 From: 7ttp <117663341+7ttp@users.noreply.github.com> Date: Tue, 9 Dec 2025 20:54:45 +0530 Subject: [PATCH] fix(realtime): omit authorization header when no access token exists --- .../core/realtime-js/src/RealtimeChannel.ts | 37 ++++++++++--------- .../test/RealtimeChannel.messaging.test.ts | 20 ++++++---- 2 files changed, 32 insertions(+), 25 deletions(-) diff --git a/packages/core/realtime-js/src/RealtimeChannel.ts b/packages/core/realtime-js/src/RealtimeChannel.ts index aa73036aa..4db043390 100644 --- a/packages/core/realtime-js/src/RealtimeChannel.ts +++ b/packages/core/realtime-js/src/RealtimeChannel.ts @@ -554,21 +554,22 @@ export default class RealtimeChannel { payload: any, opts: { timeout?: number } = {} ): Promise<{ success: true } | { success: false; status: number; error: string }> { - const authorization = this.socket.accessTokenValue - ? `Bearer ${this.socket.accessTokenValue}` - : '' - if (payload === undefined || payload === null) { return Promise.reject('Payload is required for httpSend()') } + const headers: Record = { + apikey: this.socket.apiKey ? this.socket.apiKey : '', + 'Content-Type': 'application/json', + } + + if (this.socket.accessTokenValue) { + headers['Authorization'] = `Bearer ${this.socket.accessTokenValue}` + } + const options = { method: 'POST', - headers: { - Authorization: authorization, - apikey: this.socket.apiKey ? this.socket.apiKey : '', - 'Content-Type': 'application/json', - }, + headers, body: JSON.stringify({ messages: [ { @@ -626,16 +627,18 @@ export default class RealtimeChannel { ) const { event, payload: endpoint_payload } = args - const authorization = this.socket.accessTokenValue - ? `Bearer ${this.socket.accessTokenValue}` - : '' + const headers: Record = { + apikey: this.socket.apiKey ? this.socket.apiKey : '', + 'Content-Type': 'application/json', + } + + if (this.socket.accessTokenValue) { + headers['Authorization'] = `Bearer ${this.socket.accessTokenValue}` + } + const options = { method: 'POST', - headers: { - Authorization: authorization, - apikey: this.socket.apiKey ? this.socket.apiKey : '', - 'Content-Type': 'application/json', - }, + headers, body: JSON.stringify({ messages: [ { diff --git a/packages/core/realtime-js/test/RealtimeChannel.messaging.test.ts b/packages/core/realtime-js/test/RealtimeChannel.messaging.test.ts index 5b26f6574..f75b07020 100644 --- a/packages/core/realtime-js/test/RealtimeChannel.messaging.test.ts +++ b/packages/core/realtime-js/test/RealtimeChannel.messaging.test.ts @@ -330,7 +330,7 @@ describe('send', () => { { description: 'without access token', accessToken: undefined, - expectedAuth: '', + expectedAuth: undefined, }, { description: 'with access token', @@ -363,13 +363,17 @@ describe('send', () => { config: { private: true }, }) + const expectedHeaders: Record = { + apikey: 'abc123', + 'Content-Type': 'application/json', + } + if (expectedAuth) { + expectedHeaders['Authorization'] = expectedAuth + } + const expectedBody = { method: 'POST', - headers: { - Authorization: expectedAuth, - apikey: 'abc123', - 'Content-Type': 'application/json', - }, + headers: expectedHeaders, body: '{"messages":[{"topic":"topic","event":"test","private":true}]}', signal: new AbortController().signal, } @@ -498,12 +502,12 @@ describe('httpSend', () => { { name: 'without access token', hasToken: false, - expectedAuth: '', + expectedAuth: undefined as string | undefined, }, { name: 'with access token', hasToken: true, - expectedAuth: 'Bearer token123', + expectedAuth: 'Bearer token123' as string | undefined, }, ]