Should your interceptor be so greedy?
hanoii opened this issue · 0 comments
We recently included this in a library and started to have issues with requests to third party services. Some we control, some we don't, until I found https://github.com/sahat/satellizer#question-how-can-i-avoid-sending-authorization-header-on-all-http-requests, which I actually found it first on the interceptor code
Line 19 in ae28633
I wonder if this is correct. Instead of providing a config option that you can use to disable, shouldn't be the other way around. Your should only intercept the calls that your module need to intercept and leave the others unaffected and you can give a way to add it by an option: includeAuthorization: true.
By introducing this module which I think is great BTW I am left with two options:
- Modify all (or most) of my
$http.get()requests to add the new configskipAuthorization: true - Create an interceptor myself, make sure it's loaded before yours and add that config to the requests I know needs not to have it.
I would normally expect a module with a purpose to do its work for that purpose alone.
I wonder if this was a design decision based on on something I am missing, but otherwise, I think it's best this way.