Tom Boucher f4db25b9b8 fix(web): persist auth token in sessionStorage to survive page refreshes (#1877) ... Next.js 16 auto-detects web/proxy.ts as middleware, gating all /api/* routes behind bearer token validation. The token was only cached in memory (lost on page refresh) and extracted from the URL hash fragment (cleared after first extraction). This caused 401 errors on page refresh and broke the sendBeacon shutdown call which cannot set custom headers. Changes: - Persist the auth token to sessionStorage after extracting from the URL fragment so it survives page refreshes within the same tab - Fall back to sessionStorage when the URL hash is absent (refresh, bookmark without hash) - Pass the auth token as a _token query parameter in the sendBeacon shutdown call since sendBeacon cannot set Authorization headers - Add regression tests for token persistence, sessionStorage fallback, and sendBeacon authentication Fixes #1851 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-03-21 15:25:27 -06:00
..
gsd	fix(web): persist auth token in sessionStorage to survive page refreshes (#1877)	2026-03-21 15:25:27 -06:00
ui	feat(web): browser-based web interface (#1717)	2026-03-21 12:16:54 -06:00
theme-provider.tsx	feat(web): browser-based web interface (#1717)	2026-03-21 12:16:54 -06:00