fix(dev): inject Authorization header from cookie in Vite dev proxy

Browser-side fetch('/api/...') calls bypass SvelteKit's handleFetch hook (which adds the Authorization header from the auth_token cookie for SSR). As a result, client-side API calls in the dev server always got a 401. Add a proxy configure hook that extracts the auth_token cookie from incoming requests and sets it as the Authorization header before forwarding to the backend. This makes browser-side fetches (history panel, file preview, etc.) work correctly in dev mode. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-23 17:05:20 +01:00
parent 62f62a89a1
commit 4f69457a68
1 changed files with 13 additions and 1 deletions
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -13,7 +13,19 @@ export default defineConfig({
 		proxy: {
 			'/api': {
 				target: process.env.API_PROXY_TARGET || 'http://localhost:8080',
-				changeOrigin: true
+				changeOrigin: true,
+				// Inject Authorization header from the auth_token cookie so that
+				// browser-side fetch('/api/...') calls work the same as SSR fetches
+				// (which go through handleFetch in hooks.server.ts).
+				configure: (proxy) => {
+					proxy.on('proxyReq', (proxyReq, req) => {
+						const cookies = req.headers.cookie ?? '';
+						const match = cookies.match(/auth_token=([^;]+)/);
+						if (match) {
+							proxyReq.setHeader('Authorization', decodeURIComponent(match[1]));
+						}
+					});
+				}
 			}
 		}
 	},