Make sure to qualify requests made outside of adapters

ui/app/services/system.js

@@ -1,14 +1,18 @@
 import Ember from 'ember';
-import fetch from 'fetch';
 import PromiseObject from '../utils/classes/promise-object';
 import { namespace } from '../adapters/application';
 
-const { Service, computed } = Ember;
+const { Service, computed, inject } = Ember;
 
 export default Service.extend({
+  token: inject.service(),
+
   leader: computed(function() {
+    const token = this.get('token');
+
     return PromiseObject.create({
-      promise: fetch(`/${namespace}/status/leader`)
+      promise: token
+        .authorizedRequest(`/${namespace}/status/leader`)
         .then(res => res.json())
         .then(rpcAddr => ({ rpcAddr }))
         .then(leader => {

ui/app/services/token.js

@@ -1,6 +1,7 @@
 import Ember from 'ember';
+import fetch from 'fetch';
 
-const { Service, computed } = Ember;
+const { Service, computed, assign } = Ember;
 
 export default Service.extend({
   accessor: computed({
@@ -31,4 +32,15 @@ export default Service.extend({
       return value;
     },
   }),
+
+  authorizedRequest(url, options = {}) {
+    const headers = {};
+    const token = this.get('secret');
+
+    if (token) {
+      headers['X-Nomad-Token'] = token;
+    }
+
+    return fetch(url, assign(options, { headers }));
+  },
 });