From cde70d386dbece0dbe786b5f8c718ebdacf9e8b0 Mon Sep 17 00:00:00 2001
From: Zac Gaetano <zgaetano@wilddragon.net>
Date: Sun, 5 Apr 2026 21:25:46 -0400
Subject: [PATCH] fix: extension download using wrong auth header
 (Authorization vs x-auth-token)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 public/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/index.html b/public/index.html
index d868cb7..470cd7f 100644
--- a/public/index.html
+++ b/public/index.html
@@ -823,7 +823,7 @@ async function downloadExtension() {
   const btn = event.target;
   btn.disabled = true; btn.textContent = '⏳ Preparing download…';
   try {
-    const res = await fetch('/api/extension/download', { headers: { 'Authorization': 'Bearer ' + authToken } });
+    const res = await fetch('/api/extension/download', { headers: { 'x-auth-token': authToken || '' } });
     if (!res.ok) throw new Error(`Server error ${res.status}`);
     const blob = await res.blob();
     const url  = URL.createObjectURL(blob);