From cd08fd3c9e0e0ae45c9eef0f421dfc7a3ed829cc Mon Sep 17 00:00:00 2001
From: Dorian <z00york@mac.com>
Date: Sat, 11 Apr 2026 23:54:16 -0400
Subject: [PATCH] fix: filebrowser auth cookie path for video/audio playback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cookie was scoped to /app/filebrowser but Cloud page reads it from
/dashboard/cloud — cookie was invisible. Changed to path=/ so the
auth token is accessible from any page for fetchBlobUrl calls.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 neode-ui/src/api/filebrowser-client.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/neode-ui/src/api/filebrowser-client.ts b/neode-ui/src/api/filebrowser-client.ts
index 18c91af9..5b7288ae 100644
--- a/neode-ui/src/api/filebrowser-client.ts
+++ b/neode-ui/src/api/filebrowser-client.ts
@@ -74,7 +74,7 @@ class FileBrowserClient {
 
       const expires = new Date(Date.now() + 24 * 60 * 60 * 1000).toUTCString()
       const secure = window.location.protocol === 'https:' ? '; Secure' : ''
-      document.cookie = `auth=${token}; path=/app/filebrowser; SameSite=Lax${secure}; expires=${expires}`
+      document.cookie = `auth=${token}; path=/; SameSite=Lax${secure}; expires=${expires}`
       this._authenticated = true
       return true
     } catch {