diff --git a/src/services/runtime.ts b/src/services/runtime.ts index 63ed5cefa..943e19b38 100644 --- a/src/services/runtime.ts +++ b/src/services/runtime.ts @@ -781,20 +781,33 @@ export function installWebApiRedirect(): void { }; /** - * For premium API paths, inject an Authorization: Bearer header when the - * user has an active session and no existing auth header is present. + * For premium API paths, inject auth when the user has premium access but no + * existing auth header is present. Handles three paths: + * 1. Clerk Pro: Authorization: Bearer + * 2. Tester key (wm-pro-key / wm-widget-key): X-WorldMonitor-Key: + * 3. API key users: already set X-WorldMonitor-Key — left unchanged * Returns the original init unchanged for non-premium paths (zero overhead). */ const enrichInitForPremium = async (pathWithQuery: string, init?: RequestInit): Promise => { const path = pathWithQuery.split('?')[0] ?? pathWithQuery; if (!WEB_PREMIUM_API_PATHS.has(path)) return init; - const token = await getClerkToken(); - if (!token) return init; const headers = new Headers(init?.headers); // Don't overwrite existing auth headers (API key users keep their flow) if (headers.has('Authorization') || headers.has('X-WorldMonitor-Key')) return init; - headers.set('Authorization', `Bearer ${token}`); - return { ...init, headers }; + // Clerk Pro: inject Bearer token + const token = await getClerkToken(); + if (token) { + headers.set('Authorization', `Bearer ${token}`); + return { ...init, headers }; + } + // Tester key (wm-pro-key / wm-widget-key): forward as API key header + const { getProWidgetKey, getWidgetAgentKey } = await import('@/services/widget-store'); + const testerKey = getProWidgetKey() || getWidgetAgentKey(); + if (testerKey) { + headers.set('X-WorldMonitor-Key', testerKey); + return { ...init, headers }; + } + return init; }; window.fetch = async (input: RequestInfo | URL, init?: RequestInit): Promise => {