From 4cff390f4189b1044a592a4e468517993020b1e2 Mon Sep 17 00:00:00 2001
From: Pascal Martineau <pascal@lewebsimple.ca>
Date: Tue, 16 Sep 2025 13:21:52 -0400
Subject: [PATCH] fix: pass cookies with GraphQL request

---
 .../themes/ccat/server/graphqlMiddleware.serverOptions.ts  | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/wp-content/themes/ccat/server/graphqlMiddleware.serverOptions.ts b/wp-content/themes/ccat/server/graphqlMiddleware.serverOptions.ts
index ed90cbd..300cd3e 100644
--- a/wp-content/themes/ccat/server/graphqlMiddleware.serverOptions.ts
+++ b/wp-content/themes/ccat/server/graphqlMiddleware.serverOptions.ts
@@ -12,8 +12,11 @@ async function refreshAuthToken(refreshToken: string): Promise<string | null> {
 
 export default defineGraphqlServerOptions({
   async serverFetchOptions(event) {
+    const headers = {
+      Cookie: getRequestHeader(event, "cookie") || "",
+    };
     const session = await getUserSession(event);
-    if (!session?.secure?.authToken) return {};
+    if (!session?.secure?.authToken) return { headers };
 
     const decoded = jwtDecode<DecodedToken>(session.secure.authToken);
     const isExpired = decoded.exp * 1000 < Date.now();
@@ -24,6 +27,6 @@ export default defineGraphqlServerOptions({
       }
     }
 
-    return { headers: { Authorization: `Bearer ${session.secure.authToken}` } };
+    return { headers: { ...headers, Authorization: `Bearer ${session.secure.authToken}` } };
   },
 });