From aba63de16e677b5896cdf5bc40fa2322480efe7a Mon Sep 17 00:00:00 2001
From: Papageorgiou Nikos <admin@nikospap.com>
Date: Mon, 18 Nov 2024 18:48:18 +0200
Subject: [PATCH] chore(clerk-js): Exclude `_clerk_session_id` query param from
 `/waitlist` endpoint (#4594)

---
 .changeset/proud-carrots-carry.md                       | 5 +++++
 packages/clerk-js/src/core/__tests__/fapiClient.test.ts | 5 ++++-
 packages/clerk-js/src/core/fapiClient.ts                | 5 ++++-
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/proud-carrots-carry.md

diff --git a/.changeset/proud-carrots-carry.md b/.changeset/proud-carrots-carry.md
new file mode 100644
index 0000000000..b752913364
--- /dev/null
+++ b/.changeset/proud-carrots-carry.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Exclude `_clerk_session_id` query param from `/waitlist` endpoint
\ No newline at end of file
diff --git a/packages/clerk-js/src/core/__tests__/fapiClient.test.ts b/packages/clerk-js/src/core/__tests__/fapiClient.test.ts
index 9aaa045e02..43564da3f8 100644
--- a/packages/clerk-js/src/core/__tests__/fapiClient.test.ts
+++ b/packages/clerk-js/src/core/__tests__/fapiClient.test.ts
@@ -84,13 +84,16 @@ describe('buildUrl(options)', () => {
     );
   });
 
-  it('adds _clerk_session_id as a query parameter if provided and path does not start with client', () => {
+  it('adds _clerk_session_id as a query parameter if provided and path does not start with client or waitlist', () => {
     expect(fapiClient.buildUrl({ path: '/foo', sessionId: 'sess_42' }).href).toBe(
       `https://clerk.example.com/v1/foo?__clerk_api_version=${SUPPORTED_FAPI_VERSION}&_clerk_js_version=42.0.0&_clerk_session_id=sess_42`,
     );
     expect(fapiClient.buildUrl({ path: '/client/foo', sessionId: 'sess_42' }).href).toBe(
       `https://clerk.example.com/v1/client/foo?__clerk_api_version=${SUPPORTED_FAPI_VERSION}&_clerk_js_version=42.0.0`,
     );
+    expect(fapiClient.buildUrl({ path: '/waitlist', sessionId: 'sess_42' }).href).toBe(
+      `https://clerk.example.com/v1/waitlist?__clerk_api_version=${SUPPORTED_FAPI_VERSION}&_clerk_js_version=42.0.0`,
+    );
   });
 
   it('parses search params is an object with string values', () => {
diff --git a/packages/clerk-js/src/core/fapiClient.ts b/packages/clerk-js/src/core/fapiClient.ts
index 5b0e1fc46a..22ac16d221 100644
--- a/packages/clerk-js/src/core/fapiClient.ts
+++ b/packages/clerk-js/src/core/fapiClient.ts
@@ -57,6 +57,9 @@ export interface FapiClient {
   request<T>(requestInit: FapiRequestInit): Promise<FapiResponse<T>>;
 }
 
+// List of paths that should not receive the session ID parameter in the URL
+const unauthorizedPathPrefixes = ['/client', '/waitlist'];
+
 export function createFapiClient(clerkInstance: Clerk): FapiClient {
   const onBeforeRequestCallbacks: Array<FapiRequestCallback<unknown>> = [];
   const onAfterResponseCallbacks: Array<FapiRequestCallback<unknown>> = [];
@@ -116,7 +119,7 @@ export function createFapiClient(clerkInstance: Clerk): FapiClient {
       searchParams.append('_method', method);
     }
 
-    if (path && !path.startsWith('/client') && sessionId) {
+    if (path && !unauthorizedPathPrefixes.some(p => path.startsWith(p)) && sessionId) {
       searchParams.append('_clerk_session_id', sessionId);
     }