damir/pgz-sport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth fix: apiPost/apiPut/apiDelete uses Bearer token

Browse Source 
sport2.html:
- apiPost: localStorage pgz_access → Authorization: Bearer
- apiPut, apiDelete added
- Better error toast

Login redirect (multiple files):
- Wrap auto-redirect in __pgz_made_api_call check
- Don't redirect on initial page load if user has no API call yet
This commit is contained in:
Damir Radulić
2026-05-05 18:22:52 +02:00
parent 1bc30d7881
commit 7608839473
2 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/app.html
+1 -1
View File
@@ -481,7 +481,7 @@ async function apiAuth(path, opts){
const onLogin = location.pathname.includes('/login');
if(!onLogin && !window.__pgz_redirecting){
window.__pgz_redirecting = true;
window.location.href = '/login?reason=unauthorized';
window.(window.__pgz_made_api_call ? location.href = '/login?reason=unauthorized' : console.warn('[auth] no token but no API call yet, skipping redirect'));
}
return {__unauthorized:true, status:401};
}