Skip to content

Unsafe null destructuring in auth credentials #1133

New issue
New issue
Open
#1134
Open
Unsafe null destructuring in auth credentials#1133
#1134
Labels
bugSomething isn't working
@Anshumancanrock

Description

@Anshumancanrock
Anshumancanrock
opened on Jan 30, 2026

Description:

When users aren't authenticated, API methods in EmbeddedChatApi.ts send the literal string "undefined" in auth headers instead of empty values. This happens because of unsafe destructuring: (await this.auth.getCurrentUser()) || {} returns an empty object when the user is null, causing userId and authToken to be undefined.

Steps to reproduce:

  1. Call any API method when user is not logged in
  2. Check the HTTP request headers
  3. See X-Auth-Token: "undefined" and X-User-Id: "undefined" (literal strings)

Expected behavior:

Auth headers should contain empty strings "" when user is not authenticated, not the literal string "undefined".

Actual behavior:

37 API methods send "undefined" as header values due to the unsafe pattern || {}. Headers.set() converts JavaScript undefined to the string "undefined".

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions