diff --git a/packages/app/src/context/global-sdk.tsx b/packages/app/src/context/global-sdk.tsx index 0cd4f6c99..cb610bf6e 100644 --- a/packages/app/src/context/global-sdk.tsx +++ b/packages/app/src/context/global-sdk.tsx @@ -12,10 +12,19 @@ export const { use: useGlobalSDK, provider: GlobalSDKProvider } = createSimpleCo const platform = usePlatform() const abort = new AbortController() + const auth = (() => { + if (typeof window === "undefined") return + const password = window.__OPENCODE__?.serverPassword + if (!password) return + return { + Authorization: `Basic ${btoa(`opencode:${password}`)}`, + } + })() + const eventSdk = createOpencodeClient({ baseUrl: server.url, signal: abort.signal, - fetch: platform.fetch, + headers: auth, }) const emitter = createGlobalEmitter<{ [key: string]: Event diff --git a/packages/opencode/src/server/server.ts b/packages/opencode/src/server/server.ts index 015553802..9fb520655 100644 --- a/packages/opencode/src/server/server.ts +++ b/packages/opencode/src/server/server.ts @@ -78,6 +78,9 @@ export namespace Server { }) }) .use((c, next) => { + // Allow CORS preflight requests to succeed without auth. + // Browser clients sending Authorization headers will preflight with OPTIONS. + if (c.req.method === "OPTIONS") return next() const password = Flag.OPENCODE_SERVER_PASSWORD if (!password) return next() const username = Flag.OPENCODE_SERVER_USERNAME ?? "opencode" @@ -107,7 +110,12 @@ export namespace Server { if (input.startsWith("http://localhost:")) return input if (input.startsWith("http://127.0.0.1:")) return input - if (input === "tauri://localhost" || input === "http://tauri.localhost") return input + if ( + input === "tauri://localhost" || + input === "http://tauri.localhost" || + input === "https://tauri.localhost" + ) + return input // *.opencode.ai (https only, adjust if needed) if (/^https:\/\/([a-z0-9-]+\.)*opencode\.ai$/.test(input)) {