From 13a31ef31e8c183ff439ea67126aa2824d95d5ba Mon Sep 17 00:00:00 2001 From: DeathGun44 Date: Tue, 31 Mar 2026 00:04:12 +0530 Subject: [PATCH] WEB-899: Fix tenant header dropped on absolute Fineract URLs --- .../authentication.interceptor.ts | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/app/core/authentication/authentication.interceptor.ts b/src/app/core/authentication/authentication.interceptor.ts index 7834d499a9..2635dfac05 100644 --- a/src/app/core/authentication/authentication.interceptor.ts +++ b/src/app/core/authentication/authentication.interceptor.ts @@ -41,8 +41,7 @@ export class AuthenticationInterceptor implements HttpInterceptor { * Intercepts a Http request and sets the request headers. */ intercept(request: HttpRequest, next: HttpHandler): Observable> { - // Skip Fineract auth headers for external API calls (e.g. remittance, national ID) - if (request.url.startsWith('http://') || request.url.startsWith('https://')) { + if (this.isExternalUrl(request.url)) { return next.handle(request); } if (this.settingsService.tenantIdentifier) { @@ -52,6 +51,23 @@ export class AuthenticationInterceptor implements HttpInterceptor { return next.handle(request); } + /** + * Absolute URLs pointing at our own Fineract server are internal — ApiPrefixInterceptor + * (in HttpService's dynamic chain) may have already converted relative URLs to absolute ones. + */ + private isExternalUrl(url: string): boolean { + try { + const requestOrigin = new URL(url).origin; + const server = this.settingsService.server; + if (server) { + return requestOrigin !== new URL(server).origin; + } + return true; + } catch { + return false; // Relative URL (new URL() throws) → internal + } + } + /** * Sets the basic/oauth authorization header depending on the configuration. * @param {string} authenticationKey Authentication key.