Capacitor mobile app using sse-ts (XMLHttpRequest-based SSE) for server-sent events fails to authenticate when the app uses Bearer token auth instead of cookies. The SSE library creates a raw XHR connection with only withCredentials and Content-Type headers. On web, withCredentials sends session cookies automatically. On Capacitor/mobile, there are no cookies — auth is via Bearer token stored in the generated SDK client's header configuration. But the SSE streaming function never reads those SDK headers, so the POST to the SSE endpoint gets a 401. This is easy to miss because: (1) the SSE library is separate from the SDK's fetch pipeline, (2) web testing always works because cookies flow automatically, (3) the failure only manifests on native mobile where cookie-less Bearer auth is used.
Import the SDK configuration object and conditionally merge the Authorization header into SSE options. Read the Authorization value from the SDK headers object and spread it into the SSE headers if present. On web, no Authorization header exists in SDK config (cookies handle auth), so behavior is unchanged. On mobile, the Bearer token is injected by SDK initialization before any UI renders. The key insight: any HTTP connection outside the SDK fetch pipeline (SSE, WebSocket, raw XHR) needs explicit auth header forwarding on mobile platforms that don't use cookies.