From f67f97c2c3403fa620ad7144584130e93200f756 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gast=C3=B3n=20Fournier?= <gaston@getunleash.io>
Date: Fri, 11 Oct 2024 17:44:12 +0200
Subject: [PATCH] fix: cookie in same domain as in Unleash

---
 src/lib/middleware/authorization-middleware.ts | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/lib/middleware/authorization-middleware.ts b/src/lib/middleware/authorization-middleware.ts
index 5568d5c5957b..3fb48563e280 100644
--- a/src/lib/middleware/authorization-middleware.ts
+++ b/src/lib/middleware/authorization-middleware.ts
@@ -4,7 +4,6 @@ import type { LogProvider } from '../logger';
 import { AuthenticationRequired } from '../server-impl';
 import UnauthorizedError from '../error/unauthorized-error';
 
-/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 const authorizationMiddleware = (
     getLogger: LogProvider,
     baseUriPath: string,
@@ -13,7 +12,7 @@ const authorizationMiddleware = (
     logger.debug('Enabling Authorization middleware');
 
     return async (req: IAuthRequest, res: Response, next: NextFunction) => {
-        if (req.session?.user) {
+        if (!req.user?.isAPI && req.session?.user) {
             req.user = req.session.user;
             return next();
         }