From f7d4d6212ddae3cfd4e987cc506ee8d00eaa75f9 Mon Sep 17 00:00:00 2001
From: Oliver Bryan <04oliverbryan@gmail.com>
Date: Fri, 9 Jan 2026 05:34:07 +0000
Subject: [PATCH] replaced getAuthHeaders (old token-based) with CSRF
 management

---
 packages/frontend/src/lib/utils.ts | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/packages/frontend/src/lib/utils.ts b/packages/frontend/src/lib/utils.ts
index 666043e..fa8ceae 100644
--- a/packages/frontend/src/lib/utils.ts
+++ b/packages/frontend/src/lib/utils.ts
@@ -9,10 +9,19 @@ export function issueID(key: string, num: number) {
     return `${key}-${num.toString().padStart(3, "0")}`;
 }
 
-export function getAuthHeaders(): HeadersInit {
-    const token = localStorage.getItem("token");
-    if (!token) return {};
-    return { Authorization: `Bearer ${token}` };
+export function getCsrfToken(): string | null {
+    return sessionStorage.getItem("csrfToken");
+}
+
+export function setCsrfToken(token: string): void {
+    sessionStorage.setItem("csrfToken", token);
+}
+
+export function clearAuth(): void {
+    sessionStorage.removeItem("csrfToken");
+    localStorage.removeItem("user");
+    localStorage.removeItem("selectedOrganisationId");
+    localStorage.removeItem("selectedProjectId");
 }
 
 export function capitalise(str: string) {