From a62231987c3c522b787dbd6cd6bf4d3afa9316a4 Mon Sep 17 00:00:00 2001
From: Mario Zechner <badlogicgames@gmail.com>
Date: Mon, 1 Sep 2025 22:02:50 +0200
Subject: [PATCH] fix(ai): Add anthropic-dangerous-direct-browser-access header

- Required header for browser-based access to Anthropic API
- Added to both OAuth and regular API key authentication
- Ensures full browser compatibility
---
 packages/ai/src/providers/anthropic.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/packages/ai/src/providers/anthropic.ts b/packages/ai/src/providers/anthropic.ts
index 4aed5a51..2a1d9348 100644
--- a/packages/ai/src/providers/anthropic.ts
+++ b/packages/ai/src/providers/anthropic.ts
@@ -45,6 +45,7 @@ export class AnthropicLLM implements LLM<AnthropicLLMOptions> {
 		if (apiKey.includes("sk-ant-oat")) {
 			const defaultHeaders = {
 				accept: "application/json",
+				"anthropic-dangerous-direct-browser-access": "true",
 				"anthropic-beta": "oauth-2025-04-20,fine-grained-tool-streaming-2025-05-14",
 			};
 
@@ -61,7 +62,12 @@ export class AnthropicLLM implements LLM<AnthropicLLMOptions> {
 			});
 			this.isOAuthToken = true;
 		} else {
-			this.client = new Anthropic({ apiKey, baseURL: model.baseUrl, dangerouslyAllowBrowser: true });
+			const defaultHeaders = {
+				accept: "application/json",
+				"anthropic-dangerous-direct-browser-access": "true",
+				"anthropic-beta": "fine-grained-tool-streaming-2025-05-14",
+			};
+			this.client = new Anthropic({ apiKey, baseURL: model.baseUrl, dangerouslyAllowBrowser: true, defaultHeaders });
 			this.isOAuthToken = false;
 		}
 		this.modelInfo = model;