fix(web): send session cookies on playground/agent generate requests#5703
fix(web): send session cookies on playground/agent generate requests#5703Taranum01 wants to merge 1 commit into
Conversation
Self-hosted Better Auth requires the session cookie on cross-origin Jawn calls; the Playground generate path omitted credentials: include unlike getJawnClient(), causing Invalid session on /v1/playground/generate. Fixes Helicone#5653 Co-authored-by: Cursor <cursoragent@cursor.com>
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
|
Someone is attempting to deploy a commit to the Helicone Team on Vercel. A member of the Team first needs to authorize it. |
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
|
Friendly bump — Vercel checks on this fork PR show "Authorization required to deploy" (helicone / helicone-eu); that’s expected until a maintainer approves the workflow, not a code failure. The change itself is small (2 lines): add Ready for review when someone has time. Thanks! |
Summary
credentials: "include"to the Playground/Agentgenerate()fetch so Better Auth session cookies reach Jawn on cross-origin self-hosted deployments (localhost:3000→:8585).params.signaltofetchso streaming cancel works as intended.Closes #5653
Problem
Self-hosted Playground returns
401 Invalid sessiononPOST /v1/playground/generateeven when the user is logged in. Other dashboard Jawn calls succeed because they usegetJawnClient(), which always sendscredentials: "include". The Playground path uses a rawfetch()without credentials, so the session cookie is omitted andBetterAuthWrapper.getSession()fails.Test plan
Invalid session/v1/agent/generate) works in self-hosted Better Auth modeMade with Cursor