From c944a7d1019cd48f90d09415e46947304acb306a Mon Sep 17 00:00:00 2001 From: jubnl Date: Thu, 2 Apr 2026 14:05:15 +0200 Subject: [PATCH] fix: allow unauthenticated access to public share links Skip loadUser() and exclude /shared/ from the 401 redirect interceptor so unauthenticated users can open shared trip links without being redirected to /login. Fixes #308. --- client/src/App.tsx | 4 +++- client/src/api/client.ts | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/client/src/App.tsx b/client/src/App.tsx index 0235276..46e51a1 100644 --- a/client/src/App.tsx +++ b/client/src/App.tsx @@ -79,7 +79,9 @@ export default function App() { const { loadSettings } = useSettingsStore() useEffect(() => { - loadUser() + if (!location.pathname.startsWith('/shared/')) { + loadUser() + } authApi.getAppConfig().then(async (config: { demo_mode?: boolean; has_maps_key?: boolean; version?: string; timezone?: string; require_mfa?: boolean; trip_reminders_enabled?: boolean; permissions?: Record }) => { if (config?.demo_mode) setDemoMode(true) if (config?.has_maps_key !== undefined) setHasMapsKey(config.has_maps_key) diff --git a/client/src/api/client.ts b/client/src/api/client.ts index a901a5b..facf652 100644 --- a/client/src/api/client.ts +++ b/client/src/api/client.ts @@ -26,7 +26,7 @@ apiClient.interceptors.response.use( (response) => response, (error) => { if (error.response?.status === 401 && (error.response?.data as { code?: string } | undefined)?.code === 'AUTH_REQUIRED') { - if (!window.location.pathname.includes('/login') && !window.location.pathname.includes('/register')) { + if (!window.location.pathname.includes('/login') && !window.location.pathname.includes('/register') && !window.location.pathname.startsWith('/shared/')) { window.location.href = '/login' } }