Code Issues Merge Requests Branches Tags Releases Compare Graph

fix: forward session cookie explicitly in push token form action

Author: Aaron Steven White Apr 10, 2026, 07:22 PM

Commit 56dcd9a886e769e14be01d8ef4d1f9e24c515db5

Structural diff unavailable

These commits were pushed via plain git push, so no pre-parsed schemas are available. Install git-remote-cospan and re-push via panproto:// to see scope-level changes, breaking change detection, and semantic diffs.

brew install panproto/tap/git-remote-cospan

1 file changed +14 -5

@@ -2,17 +2,26 @@ import type { Actions } from './$types';

22 import { fail } from '@sveltejs/kit';
33 
44 export const actions: Actions = {
5-	createPushToken: async ({ request, fetch }) => {
6-		// Use SvelteKit's fetch which automatically forwards cookies
7-		const response = await fetch('/xrpc/dev.cospan.repo.createPushToken', {
5+	createPushToken: async ({ request, cookies }) => {
6+		const sessionCookie = cookies.get('cospan_session');
7+		if (!sessionCookie) {
8+			return fail(401, { error: 'Not signed in. Please sign in first.' });
9+		}
10+
11+		// Call the appview directly with the session cookie forwarded.
12+		const appviewUrl = process.env.APPVIEW_URL ?? 'http://localhost:3000';
13+		const response = await fetch(`${appviewUrl}/xrpc/dev.cospan.repo.createPushToken`, {
814 			method: 'POST',
9-			headers: { 'Content-Type': 'application/json' },
15+			headers: {
16+				'Content-Type': 'application/json',
17+				'Cookie': `cospan_session=${sessionCookie}`,
18+			},
1019 			body: '{}',
1120 		});
1221 
1322 		if (!response.ok) {
1423 			const body = await response.json().catch(() => ({ message: response.statusText }));
15-			return fail(response.status, { error: body.message ?? 'Failed to generate token' });
24+			return fail(response.status, { error: body.message ?? `Failed to generate token (${response.status})` });
1625 		}
1726 
1827 		const data = await response.json();

Back to repository