From 2a8706e714a0f2ad9bd8cc595379286990de35ca Mon Sep 17 00:00:00 2001
From: DhanushSantosh <dhanushsantoshs05@gmail.com>
Date: Sun, 18 Jan 2026 02:21:47 +0530
Subject: [PATCH] fix: add session token to image URLs for web mode
 authentication

In web mode, image loads may not send session cookies due to proxy/CORS
restrictions. This adds the session token as a query parameter to ensure
images load correctly with proper authentication in web mode.

Fixes custom project icons and images not loading in web mode.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 apps/ui/src/lib/api-fetch.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/apps/ui/src/lib/api-fetch.ts b/apps/ui/src/lib/api-fetch.ts
index b544c993..f8959c8f 100644
--- a/apps/ui/src/lib/api-fetch.ts
+++ b/apps/ui/src/lib/api-fetch.ts
@@ -185,7 +185,13 @@ export function getAuthenticatedImageUrl(
   if (apiKey) {
     params.set('apiKey', apiKey);
   }
-  // Note: Session token auth relies on cookies which are sent automatically by the browser
+
+  // Web mode: also add session token as query param for image loads
+  // This ensures images load correctly even if cookies aren't sent (e.g., cross-origin proxy scenarios)
+  const sessionToken = getSessionToken();
+  if (sessionToken) {
+    params.set('token', sessionToken);
+  }
 
   return `${serverUrl}/api/fs/image?${params.toString()}`;
 }