frontend/vite.config.ts

@@ -17,19 +17,9 @@ export default defineConfig({
 		proxy: {
 			'/api': {
 				target: process.env.API_PROXY_TARGET || 'http://localhost:8080',
-				changeOrigin: true,
-				// Inject Authorization header from the auth_token cookie so that
-				// browser-side fetch('/api/...') calls work the same as SSR fetches
-				// (which go through handleFetch in hooks.server.ts).
-				configure: (proxy) => {
-					proxy.on('proxyReq', (proxyReq, req) => {
-						const cookies = req.headers.cookie ?? '';
-						const match = cookies.match(/auth_token=([^;]+)/);
-						if (match) {
-							proxyReq.setHeader('Authorization', decodeURIComponent(match[1]));
-						}
-					});
-				}
+				changeOrigin: true
+				// The browser forwards the fa_session cookie to the backend automatically;
+				// no header injection needed (ADR-020).
 			}
 		}
 	},