Update refresh endpoint to support override cookie token

2025-10-27 11:18:14 +01:00 · 2025-07-01 16:31:26 -05:00 · 2025-07-01 16:31:26 -05:00 · 44ff90a6f2
commit 44ff90a6f2
parent 8b995a179d
1 changed files with 2 additions and 1 deletions
--- a/server/Auth.js
+++ b/server/Auth.js
@ -484,8 +484,9 @@ class Auth {
      let refreshToken = req.cookies.refresh_token

      // For mobile clients, the refresh token is sent in the authorization header
+      // Force return refresh token if x-return-tokens header is true
      let shouldReturnRefreshToken = false
-      if (!refreshToken && req.headers.authorization?.startsWith('Bearer ')) {
+      if (req.headers.authorization?.startsWith('Bearer ') && (!refreshToken || req.headers['x-return-tokens'] === 'true')) {
        refreshToken = req.headers.authorization.split(' ')[1]
        shouldReturnRefreshToken = true
      }