Skip to content

fix: prevent HttpClient from sending "Authorization: undefined" on ARM requests#9420

Draft
bjbennet with Copilot wants to merge 2 commits into
mainfrom
copilot/fix-code-for-review-comment-again
Draft

fix: prevent HttpClient from sending "Authorization: undefined" on ARM requests#9420
bjbennet with Copilot wants to merge 2 commits into
mainfrom
copilot/fix-code-for-review-comment-again

Conversation

Copilot AI commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Commit Type

  • feature - New functionality
  • fix - Bug fix
  • refactor - Code restructuring without behavior change
  • perf - Performance improvement
  • docs - Documentation update
  • test - Test-related changes
  • chore - Maintenance/tooling

Risk Level

  • Low - Minor changes, limited scope
  • Medium - Moderate changes, some user impact
  • High - Major changes, significant user/system impact

What & Why

HttpClient used template string interpolation for Authorization headers (e.g. `${this._accessToken}`). When _accessToken is undefined, JS coerces it to the literal string "undefined", sending Authorization: undefined on outbound requests — particularly dangerous now that token-refresh support clears/replaces the token mid-session.

Replace all five template-string coercions across get, patch, post, put, and delete with nullish coalescing:

// Before — sends "Authorization: undefined" when token is cleared
Authorization: `${isArmId ? this._accessToken : ''}`,

// After — sends empty string instead of the bogus literal
Authorization: isArmId ? (this._accessToken ?? '') : '',

Impact of Change

  • Users: Eliminates spurious auth failures caused by a bogus Authorization: undefined header during token refresh cycles.
  • Developers: No API changes; behavior is identical when a valid token is present.
  • System: No architectural or dependency changes.

Test Plan

  • Unit tests added/updated
  • E2E tests added/updated
  • Manual testing completed
  • Existing unit tests in httpClient.spec.ts continue to pass; all test cases use a valid token so no assertions change.

Contributors

Screenshots/Videos

Copilot AI changed the title [WIP] Fix code as per review comment fix: prevent HttpClient from sending "Authorization: undefined" on ARM requests Jul 17, 2026
Copilot AI requested a review from bjbennet July 17, 2026 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants