From ea7bf4f49b6641598ff408d4f9e3e9230b15b46a Mon Sep 17 00:00:00 2001
From: Test User
Date: Fri, 17 Apr 2026 11:31:06 +0000
Subject: [PATCH 1/2] fix(GRO-749): use correct impersonation header in portal Appointments Replace Authorization: Bearer with X-Impersonation-Session-Id in all 5 mutation handlers in Appointments.tsx (confirm, cancel, save-notes, reschedule, booking). The portal backend validates X-Impersonation-Session-Id header, not Authorization Bearer.
Co-Authored-By: Paperclip
---
 apps/web/src/portal/sections/Appointments.tsx | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/web/src/portal/sections/Appointments.tsx b/apps/web/src/portal/sections/Appointments.tsx
index 65e4c18..f5fad62 100644
--- a/apps/web/src/portal/sections/Appointments.tsx
+++ b/apps/web/src/portal/sections/Appointments.tsx
@@ -379,7 +379,7 @@ export function ConfirmationSection({
 try {
 const headers: Record = {};
 if (sessionId) {
- headers['Authorization'] = `Bearer ${sessionId}`;
+ headers['X-Impersonation-Session-Id'] = sessionId ?? '';
 }
 const res = await fetch(`/api/portal/appointments/${appt.id}/confirm`, {
 method: 'POST',
@@ -455,7 +455,7 @@ function CancelAppointmentButton({
 try {
 const headers: Record = {};
 if (sessionId) {
- headers['Authorization'] = `Bearer ${sessionId}`;
+ headers['X-Impersonation-Session-Id'] = sessionId ?? '';
 }
 const res = await fetch(`/api/portal/appointments/${appt.id}/cancel`, {
 method: 'POST',
@@ -507,7 +507,7 @@ export function CustomerNotesSection({
 try {
 const headers: Record = { 'Content-Type': 'application/json' };
 if (sessionId) {
- headers['Authorization'] = `Bearer ${sessionId}`;
+ headers['X-Impersonation-Session-Id'] = sessionId ?? '';
 }
 const res = await fetch(`/api/portal/appointments/${appt.id}/notes`, {
 method: 'PATCH',
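Review bot: The `?? ''` fallback in `headers['X-Impersonation-Session-Id'] = sessionId ?? '';` can never fire in ConfirmationSection, because the assignment sits behind `if (sessionId)`; the CancelAppointmentButton, CustomerNotesSection and RescheduleFlow hunks have the same dead fallback. Writing `headers['X-Impersonation-Session-Id'] = sessionId;` makes the intent plain: the header is sent only when an impersonation session exists. The header name is now spelled out in five handlers, so a single shared constant or small helper for it would guard against the kind of drift this commit repairs. The enclosing handlers start and end outside the hunks.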
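Review bot: Nothing visible in this patch confirms that `X-Impersonation-Session-Id` is masked where request headers are recorded, and CancelAppointmentButton, like the other four handlers, now sends the session id in that header instead of `Authorization`. `Authorization` is commonly redacted by default in access logs, proxies and error-reporting tools, whereas a custom header usually has to be added to the redaction list explicitly. If the id alone is enough to act as the impersonated customer, which the commit message suggests but the diff does not show, it is worth checking the server and client-side telemetry configuration before this ships.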
@@ -600,7 +600,7 @@ export function RescheduleFlow({
 setError(null);
 try {
 const headers: Record = { 'Content-Type': 'application/json' };
- if (sessionId) headers['Authorization'] = `Bearer ${sessionId}`;
+ if (sessionId) headers['X-Impersonation-Session-Id'] = sessionId ?? '';
 const res = await fetch(`/api/portal/appointments/${appt.id}/reschedule`, {
 method: 'POST',
 headers,
@@ -784,7 +784,7 @@ function BookingFlow({ onClose, sessionId }: BookingFlowProps) {
 method: 'POST',
 headers: {
 'Content-Type': 'application/json',
- Authorization: `Bearer ${sessionId}`,
+ 'X-Impersonation-Session-Id': sessionId ?? '',
 },
 body: JSON.stringify({
 petId: selectedPet.id,
-- 
2.52.0
From 89505a2363f5c656c074ec77bf6becb9feef90fd Mon Sep 17 00:00:00 2001
From: Test User
Date: Fri, 17 Apr 2026 12:14:49 +0000
Subject: [PATCH 2/2] fix(GRO-749): update test assertions to use X-Impersonation-Session-Id header QA found test assertion failures - tests were asserting the old (incorrect) Authorization: Bearer header instead of the correct X-Impersonation-Session-Id.
Co-Authored-By: Paperclip
---
 apps/web/src/__tests__/Appointments.test.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/apps/web/src/__tests__/Appointments.test.tsx b/apps/web/src/__tests__/Appointments.test.tsx
index b223866..bc42a07 100644
--- a/apps/web/src/__tests__/Appointments.test.tsx
+++ b/apps/web/src/__tests__/Appointments.test.tsx
@@ -93,7 +93,7 @@ describe("CustomerNotesSection", () => {
 "/api/portal/appointments/appt-1/notes",
 expect.objectContaining({
 headers: expect.objectContaining({
- "Authorization": "Bearer test-session-id",
+ "X-Impersonation-Session-Id": "test-session-id",
 }),
 })
 );
@@ -269,7 +269,7 @@ describe("ConfirmationSection", () => {
 "/api/portal/appointments/appt-1/confirm",
 expect.objectContaining({
 headers: expect.objectContaining({
- "Authorization": "Bearer test-session-id",
+ "X-Impersonation-Session-Id": "test-session-id",
 }),
 })
 );
-- 
2.52.0
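Review bot: BookingFlow sets `'X-Impersonation-Session-Id': sessionId ?? ''` unconditionally, so a booking made without an impersonation session still carries the header with an empty value, while the other four handlers omit it when `sessionId` is falsy. Whether the backend reads an empty header as "no impersonation" or as an invalid session is not visible here, and that ambiguity is best avoided on a header that selects whose identity the request acts under. A conditional spread keeps the handlers consistent: `...(sessionId ? { 'X-Impersonation-Session-Id': sessionId } : {}),`. The fetch call this object belongs to starts outside the hunk.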
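Review bot: Only the notes request (this hunk) and the confirm request (the ConfirmationSection hunk) get a header assertion in this patch; the cancel, reschedule and booking handlers changed in the first commit are not asserted here, though the rest of the test file is not visible. A negative case is also missing from what is shown: with no `sessionId` supplied, the headers of the recorded fetch call should be checked with `.not.toHaveProperty('X-Impersonation-Session-Id')` and likewise for `Authorization`. That test would pin the rule that the impersonation header is never sent outside an impersonation session, and it would catch the unconditional header in BookingFlow.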