td-58bf8f
P2: Fix SSE auth for browser EventSource
submit
closed
task
P1
Parent: td-1c8739
Created Mar 3, 2026 9:52 AM
Updated Mar 3, 2026 3:22 PM
Closed Mar 3, 2026 2:09 PM
Description
EventSource cannot send Authorization: Bearer headers. Add cookie-based auth: POST login endpoint sets HttpOnly SameSite=Strict session cookie. SSE reads cookie. Query-param tokens leak in logs — avoid. Single-user for now but must not block multi-user later.
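A sketch of the cookie scheme the description asks for, as an added example that is not the project's code (commit 16a1d81 is not shown on this page). The cookie name, lifetime, `Secure` and `Path` attributes and all function names are assumptions. A same-origin `new EventSource('/events')` in the browser sends the cookie without any extra client code.

```javascript
// Added example (hypothetical names): login issues a session cookie, SSE reads it.
const crypto = require('node:crypto');

const SESSION_COOKIE = 'session';          // assumed cookie name
const SESSION_TTL_SECONDS = 8 * 60 * 60;   // assumed session lifetime
const sessions = new Map();                // sid -> { user, expiresAt }

// Compare two secrets in constant time; hashing first equalises their lengths.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Core of POST /login: returns the Set-Cookie value, or null on a bad credential.
function issueSession(user, password, expectedPassword, now = Date.now()) {
  if (!safeEqual(password, expectedPassword)) return null;
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user, expiresAt: now + SESSION_TTL_SECONDS * 1000 });
  // HttpOnly and SameSite=Strict come from the task; Secure, Path, Max-Age are assumed.
  return `${SESSION_COOKIE}=${sid}; HttpOnly; SameSite=Strict; Secure; Path=/; ` +
         `Max-Age=${SESSION_TTL_SECONDS}`;
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header = '') {
  const out = Object.create(null);
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Gate for the SSE route: only the cookie is consulted, so a token placed in
// the query string (which would end up in access logs) never authenticates.
function authenticateSse(req, now = Date.now()) {
  const sid = parseCookies(req.headers.cookie)[SESSION_COOKIE];
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) return null;
  if (session.expiresAt <= now) { sessions.delete(sid); return null; }
  return session.user;   // user is stored per session, so multi-user is not blocked
}
```

The SSE handler would respond 401 when `authenticateSse` returns null and otherwise open the `text/event-stream` response for the returned user.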
Handoff
Done
Auto-generated for review submission
Session Log (4 entries)
Mar 3, 2:09 PM
lg-30a0e16b
ses_1b63dc
progress
Started work
Mar 3, 2:09 PM
lg-b989b1c1
ses_1b63dc
progress
Already implemented in Part 1B (commit 16a1d81). Cookie-based auth with POST /login, HttpOnly SameSite=Strict cookie. SSE works with cookies automatically.
Mar 3, 2:09 PM
lg-72c7b8b1
ses_1b63dc
progress
Submitted for review
Mar 3, 3:22 PM
lg-548672fd
ses_034c77
progress
SSE auth working via cookie — flush_interval and read_timeout configured in Caddy
Git State
Started: 39a395a (master)
Current: 39a395a (master)
Sessions Involved
ses_1b63dc (implementer)
ses_034c77 (reviewer)