From ea524a6ba13226a5d3e4b3daedb5f311569675e0 Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sun, 15 Mar 2026 17:03:42 +0000
Subject: [PATCH] fix(cli): add Origin header to auth requests (#115)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
---
 packages/cli/src/auth.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/cli/src/auth.ts b/packages/cli/src/auth.ts
index 5279502..e9fe792 100644
--- a/packages/cli/src/auth.ts
+++ b/packages/cli/src/auth.ts
@@ -29,7 +29,7 @@ export async function signIn(
 ): Promise<AuthResult> {
   const res = await fetch(`${gatewayUrl}/api/auth/sign-in/email`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', Origin: gatewayUrl },
     body: JSON.stringify({ email, password }),
     redirect: 'manual',
   });
@@ -106,7 +106,7 @@ export function loadSession(gatewayUrl: string): AuthResult | null {
 export async function validateSession(gatewayUrl: string, cookie: string): Promise<boolean> {
   try {
     const res = await fetch(`${gatewayUrl}/api/auth/get-session`, {
-      headers: { Cookie: cookie },
+      headers: { Cookie: cookie, Origin: gatewayUrl },
     });
     return res.ok;
   } catch {