From 44ff90a6f2aa354a2cc4c58bd4b7c7ac9d8efe81 Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Tue, 1 Jul 2025 16:31:26 -0500
Subject: [PATCH] Update refresh endpoint to support override cookie token

---
 server/Auth.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/Auth.js b/server/Auth.js
index b811a5db..df2d2115 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -484,8 +484,9 @@ class Auth {
       let refreshToken = req.cookies.refresh_token
 
       // For mobile clients, the refresh token is sent in the authorization header
+      // Force return refresh token if x-return-tokens header is true
       let shouldReturnRefreshToken = false
-      if (!refreshToken && req.headers.authorization?.startsWith('Bearer ')) {
+      if (req.headers.authorization?.startsWith('Bearer ') && (!refreshToken || req.headers['x-return-tokens'] === 'true')) {
         refreshToken = req.headers.authorization.split(' ')[1]
         shouldReturnRefreshToken = true
       }