Security Enhancement: Header-Based SSE Authentication
What's New:
- Server-Sent Events now use secure header authentication instead of query parameters
- Eliminates auth tokens from URLs for better OWASP compliance
- Improved security with proper encrypted header transmission
Technical Changes:
- Updated SSE endpoints to use FastAPI dependency injection
- New frontend SSE client with
@microsoft/fetch-event-source - Seamless integration with existing token refresh system
Impact: More secure real-time sync progress updates with no functional changes for users.