aktueller stand

services/sessionRefresh.js

@@ -6,6 +6,21 @@ function isUnauthorizedError(error) {
   return status === 401 || status === 403;
 }
 
+function isCsrfError(error) {
+  const status = error?.response?.status;
+  if (status !== 400) {
+    return false;
+  }
+  const data = error?.response?.data;
+  const message =
+    typeof data === 'string'
+      ? data
+      : typeof data?.message === 'string'
+      ? data.message
+      : '';
+  return message.toLowerCase().includes('csrf');
+}
+
 async function refreshSession(session, { label } = {}) {
   if (!session?.credentials?.email || !session?.credentials?.password) {
     console.warn(
@@ -62,7 +77,7 @@ async function withSessionRetry(session, action, { label } = {}) {
   try {
     return await action();
   } catch (error) {
-    if (!isUnauthorizedError(error)) {
+    if (!isUnauthorizedError(error) && !isCsrfError(error)) {
       throw error;
     }
     const refreshed = await refreshSession(session, { label });