From c6fc5306c6706032c038042d49aa0aef789dfb67 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Sat, 10 Jan 2026 14:22:31 -0300
Subject: [PATCH] debug: add logging to htmx auth header

---
 ui/suite/js/htmx-app.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ui/suite/js/htmx-app.js b/ui/suite/js/htmx-app.js
index dfe58d8..97836f0 100644
--- a/ui/suite/js/htmx-app.js
+++ b/ui/suite/js/htmx-app.js
@@ -6,13 +6,30 @@
   // CRITICAL: Register auth header listener IMMEDIATELY on document
   // This MUST run before any HTMX requests are made
   // =========================================================================
+  console.log(
+    "[HTMX-AUTH] Registering htmx:configRequest listener on document",
+  );
+
   document.addEventListener("htmx:configRequest", (event) => {
     // Add Authorization header with access token
     const accessToken =
       localStorage.getItem("gb-access-token") ||
       sessionStorage.getItem("gb-access-token");
+
+    console.log(
+      "[HTMX-AUTH] configRequest for:",
+      event.detail.path,
+      "token:",
+      accessToken ? accessToken.substring(0, 20) + "..." : "NONE",
+    );
+
     if (accessToken) {
       event.detail.headers["Authorization"] = `Bearer ${accessToken}`;
+      console.log("[HTMX-AUTH] Authorization header SET");
+    } else {
+      console.warn(
+        "[HTMX-AUTH] NO TOKEN FOUND - request will be unauthenticated",
+      );
     }
 
     // Add CSRF token if available