frontend/vite.config.ts

@@ -13,7 +13,19 @@ export default defineConfig({
 		proxy: {
 			'/api': {
 				target: process.env.API_PROXY_TARGET || 'http://localhost:8080',
-				changeOrigin: true
+				changeOrigin: true,
+				// Inject Authorization header from the auth_token cookie so that
+				// browser-side fetch('/api/...') calls work the same as SSR fetches
+				// (which go through handleFetch in hooks.server.ts).
+				configure: (proxy) => {
+					proxy.on('proxyReq', (proxyReq, req) => {
+						const cookies = req.headers.cookie ?? '';
+						const match = cookies.match(/auth_token=([^;]+)/);
+						if (match) {
+							proxyReq.setHeader('Authorization', decodeURIComponent(match[1]));
+						}
+					});
+				}
 			}
 		}
 	},