From 10a052da78056783b07f01223a1321b5f7bfca4d Mon Sep 17 00:00:00 2001
From: Motoko <motoko@openclaw.ai>
Date: Mon, 30 Mar 2026 15:59:00 +0000
Subject: [PATCH] Fix: Don't send Authorization header for auth endpoints

---
 src/composables/useApi.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/composables/useApi.ts b/src/composables/useApi.ts
index a19ad41..97262dd 100644
--- a/src/composables/useApi.ts
+++ b/src/composables/useApi.ts
@@ -30,7 +30,9 @@ export function useApi() {
       ...(options.headers as Record<string, string> || {})
     }
 
-    if (authStore.token) {
+    // Only add Authorization header for non-auth endpoints
+    // Auth endpoints (login, register, refresh) should NOT receive the old token
+    if (authStore.token && !endpoint.includes('/auth/')) {
       headers['Authorization'] = `Bearer ${authStore.token}`
     }