From 41d20464f189f7cb00d902a77e751b931e8d0764 Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Fri, 19 Apr 2024 08:59:16 +0200
Subject: [PATCH] include access token in client requests, if defined

this allows h5web to work in CORS jupyterlab deployments
and JupyterHub 4.1 which has stricter XSRF rules
---
 src/H5webApp.tsx | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/H5webApp.tsx b/src/H5webApp.tsx
index be2d686..97b352e 100644
--- a/src/H5webApp.tsx
+++ b/src/H5webApp.tsx
@@ -25,11 +25,14 @@ function TwoRenderApp() {
 
 function H5webApp(props: { filePath: string }) {
   const { filePath } = props;
-  const { baseUrl } = ServerConnection.makeSettings();
+  const { baseUrl, token } = ServerConnection.makeSettings();
 
   const axiosConfig = useMemo(
-    () => ({ params: { file: filePath } }),
-    [filePath]
+    () => ({
+      params: { file: filePath },
+      headers: token ? { Authorization: `token ${token}` } : {},
+    }),
+    [filePath, token]
   );
 
   return (