fix(frontend): forward X-API-Key header through proxy (#11530)

The Next.js API proxy was stripping the X-API-Key header when forwarding requests to the backend, causing API key authentication to fail in environments where requests go through the proxy (e.g., dev environment). ### Changes 🏗️ - Updated `createRequestHeaders()` in `frontend/src/lib/autogpt-server-api/helpers.ts` to forward the `X-API-Key` header from the original request to the backend ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Verify API key authentication works when requests go through the Next.js proxy - [x] Verify existing authentication (Authorization header) still works - [x] Verify admin impersonation header forwarding still works #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) No configuration changes required. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude <noreply@anthropic.com>
2026-01-07 22:33:57 -05:00 · 2025-12-03 13:39:17 +01:00
parent bfbd4eee53
commit 6588110bf2
2 changed files with 13 additions and 1 deletions
--- a/autogpt_platform/frontend/src/lib/autogpt-server-api/helpers.ts
+++ b/autogpt_platform/frontend/src/lib/autogpt-server-api/helpers.ts
@@ -1,4 +1,7 @@
-import { IMPERSONATION_HEADER_NAME } from "@/lib/constants";
+import {
+  API_KEY_HEADER_NAME,
+  IMPERSONATION_HEADER_NAME,
+} from "@/lib/constants";
 import { getServerSupabase } from "@/lib/supabase/server/getServerSupabase";
 import { environment } from "@/services/environment";
 import { Key, storage } from "@/services/storage/local-storage";
@@ -154,6 +157,12 @@ export function createRequestHeaders(
    if (impersonationHeader) {
      headers[IMPERSONATION_HEADER_NAME] = impersonationHeader;
    }
+
+    // Forward X-API-Key header if present
+    const apiKeyHeader = originalRequest.headers.get(API_KEY_HEADER_NAME);
+    if (apiKeyHeader) {
+      headers[API_KEY_HEADER_NAME] = apiKeyHeader;
+    }
  }

  return headers;
--- a/autogpt_platform/frontend/src/lib/constants.ts
+++ b/autogpt_platform/frontend/src/lib/constants.ts
@@ -5,3 +5,6 @@
 // Admin impersonation
 export const IMPERSONATION_HEADER_NAME = "X-Act-As-User-Id";
 export const IMPERSONATION_STORAGE_KEY = "admin-impersonate-user-id";
+
+// API key authentication
+export const API_KEY_HEADER_NAME = "X-API-Key";