-
Notifications
You must be signed in to change notification settings - Fork 0
Blacklisting and whitelisting domains
You can control which HTTP requests JwtInterceptor will insert Authorization header fields into by configuring the blacklistedDomains or the whitelistedDomains.
If you want JwtInterceptor to insert an Authorization header to every HTTP request apart from requests to a small number of domains then you can blacklist those domains. For example, if your tokenGetter() function makes an HTTP request to a domain 'auth-server.com' to authenticate and obtain a JWT token then you would not want JwtInterceptor to attempt to insert an Authorization header for any HTTP requests going to 'auth-server.com'. In this case you can simply set:
blacklistedDomains: ['auth-server.com']
Multiple domains can be blacklisted like so:
blacklistedDomains: ['auth-server1.com', 'auth-server2.com']
If you want JwtInterceptor to only insert an Authorization header for HTTP requests to specific domains then you can whitelist those domains. For example, if you make HTTP requests to multiple APIs on domains 'unprotected-api.com' and 'protected-api.com' and you only need to supply a token for authorisation for requests going to 'protected-api.com' then you would configure that domain to be whitelisted like so:
whitelistedDomains: ['protected-api.com']
Multiple domains can be whitelisted like so:
whitelistedDomains: ['protected-api1.com', 'protected-api2.com']
Both blacklistedDomains and whitelistedDomains can contain regular expressions to match on multiple domains. For example, the above examples could be more concisely configured as:
blacklistedDomains: [new RegExp('auth-server\\d+\\.com')]
or
whitelistedDomains: [/protected-api\d+\.com/]
Both string and RegExps can be matched in a single configuration to provide flexibility, for example:
blacklistedDomains: [/auth-server\d+\.com/, 'unprotected-api.com']