groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(GRO-749): use correct impersonation header in portal Appointments

Browse Source 
Replace Authorization: Bearer with X-Impersonation-Session-Id in all 5
mutation handlers in Appointments.tsx (confirm, cancel, save-notes,
reschedule, booking). The portal backend validates X-Impersonation-Session-Id
header, not Authorization Bearer.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Test User
2026-04-17 11:31:06 +00:00
parent 6e1e51fba7
commit ea7bf4f49b
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/web/src/portal/sections/Appointments.tsx
+5 -5
View File
@@ -379,7 +379,7 @@ export function ConfirmationSection({
try {
const headers: Record<string, string> = {};
if (sessionId) {
headers['Authorization'] = `Bearer ${sessionId}`;
headers['X-Impersonation-Session-Id'] = sessionId ?? '';
}
const res = await fetch(`/api/portal/appointments/${appt.id}/confirm`, {
method: 'POST',
@@ -455,7 +455,7 @@ function CancelAppointmentButton({
try {
const headers: Record<string, string> = {};
if (sessionId) {
headers['Authorization'] = `Bearer ${sessionId}`;
headers['X-Impersonation-Session-Id'] = sessionId ?? '';
}
const res = await fetch(`/api/portal/appointments/${appt.id}/cancel`, {
method: 'POST',
@@ -507,7 +507,7 @@ export function CustomerNotesSection({
try {
const headers: Record<string, string> = { 'Content-Type': 'application/json' };
if (sessionId) {
headers['Authorization'] = `Bearer ${sessionId}`;
headers['X-Impersonation-Session-Id'] = sessionId ?? '';
}
const res = await fetch(`/api/portal/appointments/${appt.id}/notes`, {
method: 'PATCH',
@@ -600,7 +600,7 @@ export function RescheduleFlow({
setError(null);
try {
const headers: Record<string, string> = { 'Content-Type': 'application/json' };
if (sessionId) headers['Authorization'] = `Bearer ${sessionId}`;
if (sessionId) headers['X-Impersonation-Session-Id'] = sessionId ?? '';
const res = await fetch(`/api/portal/appointments/${appt.id}/reschedule`, {
method: 'POST',
headers,
@@ -784,7 +784,7 @@ function BookingFlow({ onClose, sessionId }: BookingFlowProps) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${sessionId}`,
'X-Impersonation-Session-Id': sessionId ?? '',
},
body: JSON.stringify({
petId: selectedPet.id,