mirror of
https://github.com/reconurge/flowsint.git
synced 2026-07-17 01:24:19 -05:00
[PR #162] [CLOSED] fix(sse): replace EventSource with fetch-event-source for secure auth headers #3850
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/reconurge/flowsint/pull/162
Author: @RithvikReddy0-0
Created: 6/3/2026
Status: ❌ Closed
Base:
main← Head:fix/sse-auth-header📝 Commits (1)
9718ad1fix(sse): replace EventSource with fetch-event-source for secure auth headers📊 Changes
4 files changed (+105 additions, -92 deletions)
View changed files
📝
flowsint-api/app/api/deps.py(+8 -10)📝
flowsint-app/package.json(+1 -0)📝
flowsint-app/src/hooks/use-events.ts(+42 -40)📝
flowsint-app/src/hooks/use-graph-refresh.ts(+54 -42)📄 Description
Fixes #145 (in the upstream repo: reconurge/flowsint#145)
Problem
The native EventSource API doesn't support custom headers, so the auth
token was being passed as a URL query parameter (?token=...). This exposes
the token in server logs, browser history, and HTTP referrer headers.
Solution
new EventSource()withfetchEventSource()from@microsoft/fetch-event-sourceinuse-events.tsanduse-graph-refresh.tsAuthorization: Bearer <token>headerget_current_user_sseindeps.py🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.