marcel/familienarchiv
1
0
Fork 0
Code Issues 103 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(auth): remove auth_token cookie injection from Vite dev proxy

Browse Source 
With the Spring Session model the browser forwards fa_session itself —
the proxy no longer needs to translate auth_token → Authorization: Basic.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-17 20:55:30 +02:00
parent 6193e28587
commit d301825e50
1 changed files with 3 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
frontend/vite.config.ts
View File

@@ -17,19 +17,9 @@ export default defineConfig({
proxy: { proxy: {
'/api': { '/api': {
target: process.env.API_PROXY_TARGET || 'http://localhost:8080', target: process.env.API_PROXY_TARGET || 'http://localhost:8080',
changeOrigin: true, changeOrigin: true
// Inject Authorization header from the auth_token cookie so that // The browser forwards the fa_session cookie to the backend automatically;
// browser-side fetch('/api/...') calls work the same as SSR fetches // no header injection needed (ADR-020).
// (which go through handleFetch in hooks.server.ts).
configure: (proxy) => {
proxy.on('proxyReq', (proxyReq, req) => {
const cookies = req.headers.cookie ?? '';
const match = cookies.match(/auth_token=([^;]+)/);
if (match) {
proxyReq.setHeader('Authorization', decodeURIComponent(match[1]));
}
});
}
} }
} }
}, },