blackducksoftware · bseifert14 · Sep 18, 2025 · Sep 18, 2025 · Copilot · Sep 18, 2025
diff --git a/ui/src/main/js/Index.js b/ui/src/main/js/Index.js
@@ -10,6 +10,7 @@ import rootReducer from 'store/reducers';
 import { ThemeProvider } from 'react-jss';
 import theme from '_theme';
 import { dom } from '@fortawesome/fontawesome-svg-core';
+import HttpInterceptor from 'common/util/HttpInterceptor';
 
 const initialState = {};
 // Setup history
@@ -18,6 +19,9 @@ const history = createHistory();
 // Configure store with redux, thunk and history
 const store = createStore(rootReducer(history), initialState, applyMiddleware(thunk, routerMiddleware(history)));
 
+// Set up HTTP interceptor for 401 handling
+HttpInterceptor.setupGlobalInterceptor(store);
+
 dom.watch({
     autoReplaceSvgRoot: document
 });

diff --git a/ui/src/main/js/common/util/HttpInterceptor.js b/ui/src/main/js/common/util/HttpInterceptor.js
@@ -0,0 +1,46 @@
+class HttpInterceptor {
+    static AUTH_ENDPOINTS = [
+        '/alert/api/login',
+        '/alert/api/verify',
+        '/alert/api/csrf',
+        '/alert/api/verify/saml',
+        '/alert/api/logout'
+    ];
+
+    static isAuthEndpoint(url) {
+        return this.AUTH_ENDPOINTS.some(endpoint => url.includes(endpoint));
+    }
+
+    static isAlertApiCall(url) {
+        return url && url.includes('/alert/api/');
+    }
+
+    static shouldHandleUnauthorized(response, url) {
+        return response.status === 401 && 
+               this.isAlertApiCall(url) && 
+               !this.isAuthEndpoint(url);
+    }
+
+    static setupGlobalInterceptor(store) {
+        const { unauthorized } = require('../../store/actions/session');
+        const originalFetch = window.fetch;
+
+        window.fetch = async (...args) => {
+            try {
+                const response = await originalFetch(...args);
+                if (this.shouldHandleUnauthorized(response, args[0])) {
+                // if (this.shouldHandleUnauthorized({status: 401, ...response}, args[0])) {
-                // if (this.shouldHandleUnauthorized({status: 401, ...response}, args[0])) {
-                if (this.shouldHandleUnauthorized(response, args[0])) {
-                // if (this.shouldHandleUnauthorized({status: 401, ...response}, args[0])) {
+                const url = typeof args[0] === 'string' ? args[0] : args[0].url;
+                if (this.shouldHandleUnauthorized(response, url)) {
-                // if (this.shouldHandleUnauthorized({status: 401, ...response}, args[0])) {
-                if (this.shouldHandleUnauthorized(response, args[0])) {
-                // if (this.shouldHandleUnauthorized({status: 401, ...response}, args[0])) {
+                const url = typeof args[0] === 'string' ? args[0] : args[0].url;
+                if (this.shouldHandleUnauthorized(response, url)) {
+                    console.log('Unauthorized access detected, logging out user');
+                    store.dispatch(unauthorized());
+                }
+
+                return response;
+            } catch (error) {
+                // Don't interfere with network errors
+                throw error;
+            }
+        };
+    }
+}
+
+export default HttpInterceptor;