From bc6c93c9c7069ea754ac9565401132a5ae4706ec Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Mon, 3 Nov 2025 12:39:27 +0100
Subject: [PATCH] Fix bearer cookie being base64ed

---
 front/src/providers/account-store.ts |  2 +-
 front/src/providers/settings.ts      | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/front/src/providers/account-store.ts b/front/src/providers/account-store.ts
index 343bcafe..e77cd843 100644
--- a/front/src/providers/account-store.ts
+++ b/front/src/providers/account-store.ts
@@ -10,7 +10,7 @@ const writeAccounts = (accounts: Account[]) => {
 		if (!selected) return;
 		setCookie("account", selected);
 		// cookie used for images and videos since we can't add Authorization headers in img or video tags.
-		setCookie("X-Bearer", selected?.token);
+		setCookie("X-Bearer", selected?.token, { skipBase64: true });
 	}
 };
 
diff --git a/front/src/providers/settings.ts b/front/src/providers/settings.ts
index a03691c3..6ce5dd70 100644
--- a/front/src/providers/settings.ts
+++ b/front/src/providers/settings.ts
@@ -15,8 +15,14 @@ function fromBase64(b64: string) {
 	return Buffer.from(b64, "base64").toString("utf8");
 }
 
-export const setCookie = (key: string, val?: unknown) => {
-	const value = toBase64(typeof val !== "string" ? JSON.stringify(val) : val);
+export const setCookie = (
+	key: string,
+	val?: unknown,
+	opts?: { skipBase64?: boolean },
+) => {
+	const value = opts?.skipBase64
+		? val
+		: toBase64(typeof val !== "string" ? JSON.stringify(val) : val);
 	const d = new Date();
 	// A year
 	d.setTime(d.getTime() + 365 * 24 * 60 * 60 * 1000);