marcel/familienarchiv
1
0
Fork 0
Code Issues 105 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth): proxy document file requests server-side to prevent Basic Auth popup
Some checks are pending
CI / Unit & Component Tests (push) Successful in 1m55s
Details
CI / Backend Unit Tests (push) Successful in 2m8s
Details
CI / E2E Tests (push) Has started running
Details

Browse Source 
Client-side fetch('/api/documents/{id}/file') bypassed the handleFetch hook
that injects the Authorization header, causing the browser to receive a 401
with WWW-Authenticate: Basic and show a native auth dialog.

Added a SvelteKit server route at /api/documents/[id]/file that proxies the
request through the server, where handleFetch injects the auth cookie correctly.

Also fixed E2E default password (admin → admin123) to match application.yaml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-03-20 11:01:31 +01:00
parent e9b03ee6a9
commit 203b7d2b08
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/e2e/helpers/auth.ts
View File

@@ -3,7 +3,7 @@ import type { Page } from '@playwright/test';
export async function login(
page: Page,
username = process.env.E2E_USERNAME ?? 'admin',
password = process.env.E2E_PASSWORD ?? 'admin'
password = process.env.E2E_PASSWORD ?? 'admin123'
) {
await page.goto('/login');
await page.getByLabel('Benutzername').fill(username);