From 0797a8f55cb3de00f446171492132c3ce6b6584c Mon Sep 17 00:00:00 2001
From: Lars <Lars@stommer.de>
Date: Wed, 18 Mar 2026 22:00:35 +0100
Subject: [PATCH] fix: export endpoints now include auth headers

Changed from window.open() to fetch() + Blob download.
window.open() cannot send custom headers, causing 401 errors.

**Changed:**
- exportZip: fetch with auth, download blob as .zip
- exportJson: fetch with auth, download blob as .json
- exportCsv: fetch with auth, download blob as .csv

All exports now work with authenticated sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 frontend/src/utils/api.js | 42 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)

diff --git a/frontend/src/utils/api.js b/frontend/src/utils/api.js
index 003f9e4..5b6792b 100644
--- a/frontend/src/utils/api.js
+++ b/frontend/src/utils/api.js
@@ -88,9 +88,45 @@ export const api = {
   insightPipeline: ()    => req('/insights/pipeline',{method:'POST'}),
   listInsights:    ()    => req('/insights'),
   latestInsights:  ()    => req('/insights/latest'),
-  exportZip:       ()    => window.open(`${BASE}/export/zip`),
-  exportJson:      ()    => window.open(`${BASE}/export/json`),
-  exportCsv:       ()    => window.open(`${BASE}/export/csv`),
+  exportZip: async () => {
+    const res = await fetch(`${BASE}/export/zip`, {headers: hdrs()})
+    if (!res.ok) throw new Error('Export failed')
+    const blob = await res.blob()
+    const url = window.URL.createObjectURL(blob)
+    const a = document.createElement('a')
+    a.href = url
+    a.download = `mitai-export-${new Date().toISOString().split('T')[0]}.zip`
+    document.body.appendChild(a)
+    a.click()
+    document.body.removeChild(a)
+    window.URL.revokeObjectURL(url)
+  },
+  exportJson: async () => {
+    const res = await fetch(`${BASE}/export/json`, {headers: hdrs()})
+    if (!res.ok) throw new Error('Export failed')
+    const blob = await res.blob()
+    const url = window.URL.createObjectURL(blob)
+    const a = document.createElement('a')
+    a.href = url
+    a.download = `mitai-export-${new Date().toISOString().split('T')[0]}.json`
+    document.body.appendChild(a)
+    a.click()
+    document.body.removeChild(a)
+    window.URL.revokeObjectURL(url)
+  },
+  exportCsv: async () => {
+    const res = await fetch(`${BASE}/export/csv`, {headers: hdrs()})
+    if (!res.ok) throw new Error('Export failed')
+    const blob = await res.blob()
+    const url = window.URL.createObjectURL(blob)
+    const a = document.createElement('a')
+    a.href = url
+    a.download = `mitai-export-${new Date().toISOString().split('T')[0]}.csv`
+    document.body.appendChild(a)
+    a.click()
+    document.body.removeChild(a)
+    window.URL.revokeObjectURL(url)
+  },
 
   // Admin
   adminListProfiles:    ()        => req('/admin/profiles'),