From f35a994f199f84a30980cac657a0f0d4db48926f Mon Sep 17 00:00:00 2001
From: Jay Malhotra <5047192+SapiensAnatis@users.noreply.github.com>
Date: Sun, 30 Jun 2024 20:40:51 +0100
Subject: [PATCH] Forward JWT cookie as header (#917)

Fixes 401s when SSRing the profile page after the request is rewritten
---
 Website/src/hooks.server.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Website/src/hooks.server.ts b/Website/src/hooks.server.ts
index 968ba9458..b756b2759 100644
--- a/Website/src/hooks.server.ts
+++ b/Website/src/hooks.server.ts
@@ -25,7 +25,14 @@ export const handleFetch: HandleFetch = ({ request, fetch, event }) => {
     // Rewrite URL to internal
     const newUrl = request.url.replace(requestUrl.origin, internalApiUrl.origin);
     console.log(`Rewriting request: from ${requestUrl.href} to ${newUrl}`);
-    console.log({ cookies: event.cookies.getAll() });
+
+    // We need to explicitly add the JWT back in, because SvelteKit seems to refuse to forward cookies here; it's
+    // possible it views the request as changing origins and no longer internal.
+    const idToken = event.cookies.get(Cookies.IdToken);
+    if (idToken) {
+      request.headers.append('Authorization', `Bearer ${idToken}`);
+    }
+
     return fetch(new Request(newUrl, request));
   }