From c2fc027539b3646433030d6047026de0058bb0be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9A=D1=80=D0=B0=D1=81=D0=BD=D0=BE=D0=B2=D0=B8=D0=B4=20?=
 =?UTF-8?q?=D0=9A=D0=B8=D1=80=D0=B8=D0=BB=D0=BB?=
 <krasnovidke@team.profi.ru>
Date: Mon, 23 Mar 2026 18:48:19 +0200
Subject: [PATCH] fix: set X-Metabase-Session header on current request in
 interceptor for username/password auth

When using username/password auth, the session token was written to
defaults.headers.common inside the request interceptor. However, axios
merges defaults into the per-request config.headers before interceptors
run, so the first request was always dispatched without the
X-Metabase-Session header, resulting in HTTP 401.

Fix: explicitly assign the token to config.headers after
ensureAuthenticated() resolves, ensuring it is present on the very
first request.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/client/metabase-client.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/client/metabase-client.ts b/src/client/metabase-client.ts
index 5a9d9b9..59e95f9 100644
--- a/src/client/metabase-client.ts
+++ b/src/client/metabase-client.ts
@@ -57,6 +57,9 @@ export class MetabaseClient {
 
         // Ensure authentication before making any API call
         await this.ensureAuthenticated();
+        if (this.sessionToken && this.sessionToken !== "api_key_used") {
+          config.headers["X-Metabase-Session"] = this.sessionToken;
+        }
         return config;
       },
       (error) => {