fix: check Content-Type before parsing JSON in fetchExternal (#40958)

Pavan-Microsoft · Copilot · Pavan-Microsoft · commit ba4b53b2a6fe · 2026-04-23T13:23:29.000+05:30
When auth is not configured, /.auth/me returns HTML instead of JSON,
causing a SyntaxError in the browser console. Added Content-Type
validation to throw a descriptive error that the catch block in
appSlice handles gracefully, falling back to anonymous user.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/src/App/src/utils/httpClient.ts b/src/App/src/utils/httpClient.ts
@@ -68,6 +68,10 @@ class HttpClient {
     if (!response.ok) {
       throw new Error(`${config.method || 'GET'} ${url} failed: ${response.statusText}`);
     }
+    const contentType = response.headers.get('content-type') || '';
+    if (!contentType.includes('application/json')) {
+      throw new Error(`${config.method || 'GET'} ${url} returned non-JSON response (${contentType})`);
+    }
     return response.json();
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,10 @@ class HttpClient {`
`68`	`68`	`if (!response.ok) {`
`69`	`69`	throw new Error(`${config.method \|\| 'GET'} ${url} failed: ${response.statusText}`);
`70`	`70`	`}`
	`71`	`+ const contentType = response.headers.get('content-type') \|\| '';`
	`72`	`+ if (!contentType.includes('application/json')) {`
	`73`	+ throw new Error(`${config.method \|\| 'GET'} ${url} returned non-JSON response (${contentType})`);
	`74`	`+ }`
`71`	`75`	`return response.json();`
`72`	`76`	`}`
`73`	`77`	`}`