Skip to content

fix(nextjs): remove unnecessary csrfToken dependency from useCallback#54

Merged
muneebs merged 2 commits intomainfrom
fix/usecallback-csrftoken-dep
Apr 22, 2026
Merged

fix(nextjs): remove unnecessary csrfToken dependency from useCallback#54
muneebs merged 2 commits intomainfrom
fix/usecallback-csrftoken-dep

Conversation

@muneebs
Copy link
Copy Markdown
Owner

@muneebs muneebs commented Apr 22, 2026
edited by coderabbitai Bot
Loading

This PR addresses issue #53.

Problem

The React secureFetch wrapper included csrfToken in the useCallback dependency array. This caused the function reference to change every time a new token was received, which in turn made CsrfContextValue unstable and triggered unnecessary re-renders in any component consuming useCsrf().

Solution

  1. Removed csrfToken from the dependency array — the callback only needs config to remain stable.
  2. Removed the redundant newToken !== csrfToken check — React's setState already bails out for identical primitive string values, so manual equality checking was unnecessary.

Verification

  • pnpm --filter @csrf-armor/nextjs test48 passed
  • pnpm type-checkclean
  • pnpm lintclean

Changeset

Patch bump for @csrf-armor/nextjs.

Fixes #53

Summary by CodeRabbit

Bug Fixes

  • Improved CSRF token handling to reduce unnecessary component re-renders and enhance application performance while maintaining security and token update functionality.

muneebs added 2 commits April 22, 2026 15:52
@muneebs
fix(nextjs): remove unnecessary csrfToken dependency from useCallback
f8f696b 
Remove csrfToken from the secureFetch useCallback dependency array and
drop the redundant newToken !== csrfToken comparison. React's setState
already bails out for identical primitive values, so the equality check
was unnecessary. The unstable function reference was causing the
CsrfContextValue to change on every token update, triggering unwanted
re-renders in downstream components.

Fixes #53
@muneebs
Merge branch 'main' into fix/usecallback-csrftoken-dep
efa037b
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 22, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 59410d27-5fa8-4f5d-bb6a-6ded2fbd194a

📥 Commits

Reviewing files that changed from the base of the PR and between 17708d8 and efa037b.

📒 Files selected for processing (2)
  • .changeset/fix-usecallback-csrftoken-dep.md
  • packages/nextjs/src/client/react.tsx

Walkthrough

A bug fix was implemented to reduce unnecessary re-renders in the CSRF context by removing csrfToken from the useCallback dependency array and eliminating a redundant equality check in the secureFetch function.

Changes

Cohort / File(s) Summary
Bug Fix Documentation
.changeset/fix-usecallback-csrftoken-dep.md		 Added Changesets entry documenting the patch-level fix for unnecessary csrfToken dependency and redundant state equality check.
React Context Update
packages/nextjs/src/client/react.tsx		 Removed csrfToken from useCallback dependency array (changed from [config, csrfToken] to [config]) and eliminated redundant equality check newToken !== csrfToken, now unconditionally updating state when a new token is received in the response.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

bug

Suggested reviewers

  • raulcrisan

Poem

🐰 A hop and a skip, we've trimmed the fat,
No needless checks or deps like that!
State updates flow, so smooth and clean,
Re-renders reduced—a rabbit's dream! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately and concisely summarizes the main change: removing the csrfToken dependency from useCallback to fix unnecessary re-renders.
Linked Issues check ✅ Passed The PR fully implements the proposed solution from issue #53: removes csrfToken from useCallback dependency, eliminates redundant token equality check, and maintains token update behavior.
Out of Scope Changes check ✅ Passed All changes are directly related to the stated objective of issue #53; no out-of-scope modifications are present in the changeset.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/usecallback-csrftoken-dep

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@muneebs muneebs merged commit e3da9dc into main Apr 22, 2026
9 checks passed
@github-actions github-actions Bot mentioned this pull request Apr 22, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: Unneeded dependency causes unnecessary re-renders

1 participant

@muneebs