feat(auth): remove auth_token cookie injection from Vite dev proxy

With the Spring Session model the browser forwards fa_session itself — the proxy no longer needs to translate auth_token → Authorization: Basic. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 20:55:30 +02:00
parent 6193e28587
commit d301825e50
1 changed files with 3 additions and 13 deletions
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -17,19 +17,9 @@ export default defineConfig({
 		proxy: {
 			'/api': {
 				target: process.env.API_PROXY_TARGET || 'http://localhost:8080',
-				changeOrigin: true,
-				// Inject Authorization header from the auth_token cookie so that
-				// browser-side fetch('/api/...') calls work the same as SSR fetches
-				// (which go through handleFetch in hooks.server.ts).
-				configure: (proxy) => {
-					proxy.on('proxyReq', (proxyReq, req) => {
-						const cookies = req.headers.cookie ?? '';
-						const match = cookies.match(/auth_token=([^;]+)/);
-						if (match) {
-							proxyReq.setHeader('Authorization', decodeURIComponent(match[1]));
-						}
-					});
-				}
+				changeOrigin: true
+				// The browser forwards the fa_session cookie to the backend automatically;
+				// no header injection needed (ADR-020).
 			}
 		}
 	},