fix: same site api call with session cookie

2025-02-04 00:18:01 +01:00 · 2024-10-11 16:55:23 +02:00 · 2024-10-11 16:55:23 +02:00 · 02776c6bd6
commit 02776c6bd6
parent 5d61b3903b
2 changed files with 13 additions and 1 deletions
--- a/src/lib/app.ts
+++ b/src/lib/app.ts
@ -31,6 +31,7 @@ import NotFoundError from './error/notfound-error';
 import { bearerTokenMiddleware } from './middleware/bearer-token-middleware';
 import { auditAccessMiddleware } from './middleware';
 import { originMiddleware } from './middleware/origin-middleware';
+import { unlessHasHeader } from './middleware/unless-has-header-middleware';

 export default async function getApp(
    config: IUnleashConfig,
@ -90,7 +91,7 @@ export default async function getApp(
        ),
    );
    if (unleashSession) {
-        app.use(unleashSession);
+        app.use(unlessHasHeader('authorization', unleashSession));
    }
    app.use(secureHeaders(config));
    app.use(express.urlencoded({ extended: true }));
--- a/src/lib/middleware/unless-has-header-middleware.ts
+++ b/src/lib/middleware/unless-has-header-middleware.ts
@ -0,0 +1,11 @@
+import type { RequestHandler } from 'express';
+
+export const unlessHasHeader =
+    (header: string, middleware: RequestHandler): RequestHandler =>
+    (req, res, next) => {
+        if (req.headers[header]) {
+            return next();
+        } else {
+            return middleware(req, res, next);
+        }
+    };