Skip to content

feat(http): Add support for fetch referrer & integrity options in Htt… #62417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

feat(http): Add support for fetch referrer & integrity options in Htt… #62417

wants to merge 2 commits into from
+637 −0

Conversation

SkyZeroZx
Copy link
Contributor

This commit adds support for the Fetch API's referrer and integrity options when using HttpClient with the withFetch provider.

The change includes:

  • Added referrer and integrity to the HttpRequestInit interface
  • Updated FetchBackend to forward these options to the native fetch call
  • Added unit tests to ensure the options are correctly passed and respected

Motivation / Use Cases

The referrer and integrity options enhance request control and security:

  • referrer: Customize or restrict the Referer header sent with a request ('no-referrer', 'origin', or a specific URL)
  • integrity: Enables Subresource Integrity (SRI) by verifying fetched content against a cryptographic hash, ensuring resource integrity and preventing tampering

Use cases include:

  • Ensuring sensitive requests do not leak origin data (referrer: 'no-referrer')
  • Applying SRI checks for assets like scripts or styles (integrity: 'sha512-...')
  • Tightening security on resource fetching in production environments

Proposed Solution

  • Add referrer and integrity to the HttpRequestInit interface
  • Update the HttpRequest and FetchBackend to support and pass these options
  • Retain backward compatibility with existing HttpClient behavior

Examples of New Usage

// Request without referrer header and with integrity check
http.get('/scripts/app.js', {
  referrer: 'no-referrer',
  integrity: 'sha512-...'
}).subscribe();

@SkyZeroZx
feat(http): Add support for fetch referrer & integrity options in Htt…
cb6ae5d 
…pClient

Enhances Angular HttpClient requests with Fetch API referrer and integrity options to optimize security
@pullapprove pullapprove bot requested a review from thePunderWoman July 2, 2025 04:17
@angular-robot angular-robot bot added detected: feature PR contains a feature commit area: common/http Issues related to HTTP and HTTP Client labels Jul 2, 2025
@ngbot ngbot bot added this to the Backlog milestone Jul 2, 2025
thePunderWoman
thePunderWoman approved these changes Jul 2, 2025
View reviewed changes
Copy link
Contributor

@thePunderWoman thePunderWoman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

reviewed-for: fw-general, public-api

crisbeto
crisbeto approved these changes Jul 3, 2025
View reviewed changes
Copy link
Member

@crisbeto crisbeto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed-for: public-api

@thePunderWoman thePunderWoman added target: rc This PR is targeted for the next release-candidate action: merge The PR is ready for merge by the caretaker target: minor This PR is targeted for the next minor release and removed target: rc This PR is targeted for the next release-candidate labels Jul 3, 2025
@thePunderWoman
Copy link
Contributor

This PR was merged into the repository by commit 1cf9d90.

The changes were merged into the following branches: main

@SkyZeroZx SkyZeroZx mentioned this pull request Jul 4, 2025
Closed
14 tasks
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Aug 3, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@thePunderWoman thePunderWoman thePunderWoman approved these changes

@crisbeto crisbeto crisbeto approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: common/http Issues related to HTTP and HTTP Client detected: feature PR contains a feature commit target: minor This PR is targeted for the next minor release
Projects
None yet
Milestone
Backlog
Development

Successfully merging this pull request may close these issues.
3 participants
@SkyZeroZx @thePunderWoman @crisbeto