Interface: IFetchOverriderConfig

Defined in: src/utils/fetch-overrider.ts:12

Monkey-patches window.fetch to inject an x-app-authorization header on every request whose URL matches one of the provided API base URLs.

Picsart's backend APIs require an app-level authorization token separate from the user's Bearer token. The photo-editor injects this globally via a fetch override so no individual callsite needs to remember it.

Properties

additionalHeaders?

optional additionalHeaders?: Record<string, string>

Defined in: src/utils/fetch-overrider.ts:18

Extra headers injected with set-if-absent semantics (e.g., x-touchpoint, platform)


apiUrls?

optional apiUrls?: string[]

Defined in: src/utils/fetch-overrider.ts:16

API base URLs to match — only requests starting with one of these get the header. When empty, all requests are matched.


appAuthorizationToken

appAuthorizationToken: string

Defined in: src/utils/fetch-overrider.ts:14

The app-level authorization token (e.g., "Bearer eyJ...")


getAuthorizationHeader?

optional getAuthorizationHeader?: () => string | undefined

Defined in: src/utils/fetch-overrider.ts:20

Called at fetch time — when it returns a non-empty string, Authorization is used instead of x-app-authorization

Returns

string | undefined


waitForAuthReady?

optional waitForAuthReady?: () => Promise<void>

Defined in: src/utils/fetch-overrider.ts:28

Gate that the override awaits before injecting headers on a matched request. Use to hold the miniapp's first fetches until the host's auth status leaves pending, so those requests carry a fresh Authorization header instead of flying out anonymously and relying on a downstream 401 to trigger a refresh-and-retry.

Returns

Promise<void>


waitForAuthReadyExcludePaths?

optional waitForAuthReadyExcludePaths?: string[]

Defined in: src/utils/fetch-overrider.ts:42

Path substrings that MUST bypass the waitForAuthReady gate. The auth-settlement fetch itself falls here — growth-rc's ${API_URL}/oauth2/refresh is what drives authStatus from pending to a terminal state, so gating it on waitForAuthReady creates a deadlock: the refresh waits for auth, but auth can't settle without the refresh completing. Match is a plain substring test on the URL — ["/oauth2/refresh"] covers every environment regardless of the API_URL the backend is configured with.

Headers are still injected on these requests; only the gate is skipped.
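
The matching, gating and header rules documented above, combined into one sketch. This is an added example, not the source of src/utils/fetch-overrider.ts. The function names, the `baseFetch` parameter, the lower-casing of header names and the choice to overwrite an existing Authorization value are assumptions made for illustration.

```typescript
// Added illustration; not the source of src/utils/fetch-overrider.ts.
interface IFetchOverriderConfig {
  appAuthorizationToken: string;
  apiUrls?: string[];
  additionalHeaders?: Record<string, string>;
  getAuthorizationHeader?: () => string | undefined;
  waitForAuthReady?: () => Promise<void>;
  waitForAuthReadyExcludePaths?: string[];
}
type HeaderMap = Record<string, string>;
type FetchLike = (url: string, init?: { headers?: HeaderMap }) => Promise<unknown>;

// Prefix match on the URL; an empty or missing list matches every request.
function matchesApi(cfg: IFetchOverriderConfig, url: string): boolean {
  const bases = cfg.apiUrls ?? [];
  return bases.length === 0 || bases.some((base) => url.startsWith(base));
}

// Excluded path substrings skip the gate only; headers are still injected.
function shouldGate(cfg: IFetchOverriderConfig, url: string): boolean {
  if (!cfg.waitForAuthReady || !matchesApi(cfg, url)) return false;
  return !(cfg.waitForAuthReadyExcludePaths ?? []).some((p) => url.includes(p));
}

// Headers for one request. Names are lower-cased so set-if-absent is case-insensitive.
function buildHeaders(cfg: IFetchOverriderConfig, url: string, existing: HeaderMap = {}): HeaderMap {
  const out: HeaderMap = {};
  for (const [name, value] of Object.entries(existing)) out[name.toLowerCase()] = value;
  if (!matchesApi(cfg, url)) return out; // unmatched URL: nothing is injected
  for (const [name, value] of Object.entries(cfg.additionalHeaders ?? {})) {
    if (!(name.toLowerCase() in out)) out[name.toLowerCase()] = value;
  }
  const userAuth = cfg.getAuthorizationHeader?.(); // read at fetch time, after the gate
  // Assumption: the returned string becomes the Authorization value and overwrites any existing one.
  if (userAuth) out["authorization"] = userAuth;
  else out["x-app-authorization"] = cfg.appAuthorizationToken;
  return out;
}

// Hypothetical wrapper; the real override patches window.fetch instead of taking baseFetch.
function createFetchOverride(cfg: IFetchOverriderConfig, baseFetch: FetchLike): FetchLike {
  return async (url, init = {}) => {
    if (shouldGate(cfg, url)) await cfg.waitForAuthReady!();
    return baseFetch(url, { ...init, headers: buildHeaders(cfg, url, init.headers) });
  };
}
```

Under a plain prefix test, a base URL written without a trailing slash also matches any host that merely begins with the same characters, and an empty apiUrls sends the token to every origin the page fetches from. List each base with its trailing slash and keep apiUrls non-empty.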