From 7e32ed294d0d912afa6f629222cf0c6631ed8139 Mon Sep 17 00:00:00 2001
From: Linus Flood <linus.flood@scandichotels.com>
Date: Thu, 3 Jul 2025 11:01:24 +0000
Subject: [PATCH] Merged in fix/webview-fix (pull request #2512)

Let webview pass if we have it stored but they are not sending any auth token

* Let webview pass if we have it stored but they are not sending any auth token
---
 apps/scandic-web/middlewares/webView.ts | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/scandic-web/middlewares/webView.ts b/apps/scandic-web/middlewares/webView.ts
index 1d898606a..e14ec5d4d 100644
--- a/apps/scandic-web/middlewares/webView.ts
+++ b/apps/scandic-web/middlewares/webView.ts
@@ -68,9 +68,17 @@ export const middleware: NextMiddleware = async (request) => {
   const authorizationToken = request.headers.get("X-Authorization")
   const webviewTokenCookie = request.cookies.get("webviewToken")
 
-  if (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) {
-    // since the token exists, this is a subsequent visit
-    // we're done, allow it
+  if (
+    (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) ||
+    (webviewTokenCookie && !authorizationToken)
+  ) {
+    // If the webviewToken cookie is present and matches the authorization token,
+    // we can skip decryption and just rewrite the request with the existing cookie.
+    // OR
+    // If the webviewToken cookie is present but no authorization token is provided
+    // we can skip the decryption and see if our cookie is valid.
+    // This handles when the app is navigating between pages inside the webview
+
     return handleWebviewRewrite({
       nextUrl,
       headers,