Merge remote-tracking branch 'origin/V2' into PaymentSelfhost

frontend/src/proprietary/App.tsx

@@ -1,6 +1,7 @@
 import { Suspense } from "react";
 import { Routes, Route } from "react-router-dom";
 import { AppProviders } from "@app/components/AppProviders";
+import { AppLayout } from "@app/components/AppLayout";
 import { LoadingFallback } from "@app/components/shared/LoadingFallback";
 import Landing from "@app/routes/Landing";
 import Login from "@app/routes/Login";
@@ -22,17 +23,19 @@ export default function App() {
   return (
     <Suspense fallback={<LoadingFallback />}>
       <AppProviders>
-        <Routes>
-          {/* Auth routes - no nested providers needed */}
-          <Route path="/login" element={<Login />} />
-          <Route path="/signup" element={<Signup />} />
-          <Route path="/auth/callback" element={<AuthCallback />} />
-          <Route path="/invite/:token" element={<InviteAccept />} />
+        <AppLayout>
+          <Routes>
+            {/* Auth routes - no nested providers needed */}
+            <Route path="/login" element={<Login />} />
+            <Route path="/signup" element={<Signup />} />
+            <Route path="/auth/callback" element={<AuthCallback />} />
+            <Route path="/invite/:token" element={<InviteAccept />} />
 
-          {/* Main app routes - Landing handles auth logic */}
-          <Route path="/*" element={<Landing />} />
-        </Routes>
-        <OnboardingTour />
+            {/* Main app routes - Landing handles auth logic */}
+            <Route path="/*" element={<Landing />} />
+          </Routes>
+          <OnboardingTour />
+        </AppLayout>
       </AppProviders>
     </Suspense>
   );

frontend/src/proprietary/auth/springAuthClient.ts

@@ -107,7 +107,7 @@ class SpringAuthClient {
     for (const cookie of cookies) {
       const [name, value] = cookie.trim().split('=');
       if (name === 'XSRF-TOKEN') {
-        return value;
+        return decodeURIComponent(value);
       }
     }
     return null;
@@ -278,7 +278,7 @@ class SpringAuthClient {
     try {
       const response = await apiClient.post('/api/v1/auth/logout', null, {
         headers: {
-          'X-CSRF-TOKEN': this.getCsrfToken() || '',
+          'X-XSRF-TOKEN': this.getCsrfToken() || '',
         },
         withCredentials: true,
       });
@@ -311,7 +311,7 @@ class SpringAuthClient {
     try {
       const response = await apiClient.post('/api/v1/auth/refresh', null, {
         headers: {
-          'X-CSRF-TOKEN': this.getCsrfToken() || '',
+          'X-XSRF-TOKEN': this.getCsrfToken() || '',
         },
         withCredentials: true,
       });

frontend/src/proprietary/services/apiClientSetup.ts

@@ -9,17 +9,38 @@ function getJwtTokenFromStorage(): string | null {
   }
 }
 
+function getXsrfToken(): string | null {
+  try {
+    const cookies = document.cookie.split(';');
+    for (const cookie of cookies) {
+      const [name, value] = cookie.trim().split('=');
+      if (name === 'XSRF-TOKEN') {
+        return decodeURIComponent(value);
+      }
+    }
+    return null;
+  } catch (error) {
+    console.error('[API Client] Failed to read XSRF token from cookies:', error);
+    return null;
+  }
+}
+
 export function setupApiInterceptors(client: AxiosInstance): void {
   // Install request interceptor to add JWT token
   client.interceptors.request.use(
     (config) => {
       const jwtToken = getJwtTokenFromStorage();
+      const xsrfToken = getXsrfToken();
 
       if (jwtToken && !config.headers.Authorization) {
         config.headers.Authorization = `Bearer ${jwtToken}`;
         console.debug('[API Client] Added JWT token from localStorage to Authorization header');
       }
 
+      if (xsrfToken && !config.headers['X-XSRF-TOKEN']) {
+        config.headers['X-XSRF-TOKEN'] = xsrfToken;
+      }
+
       return config;
     },
     (error) => {