fix(auth): avoid SharedWorker startup on localhost dev http

Skip WebSession worker initialization for localhost/127.0.0.1 over http and use SessionCore with IndexedDB directly.

This prevents browser SecurityError noise from file:// worker resolution in local dev while keeping normal session behavior in other environments.

Author: bourgeoa

src/authSession/authSession.ts

@@ -148,6 +148,14 @@ class IndexedDbSessionDatabase implements SessionDatabase {
 }
 
 function createSession (): OidcSession {
+  const shouldSkipWorkerInLocalDev = typeof window !== 'undefined' &&
+    window.location.protocol === 'http:' &&
+    /^(localhost|127\.0\.0\.1)$/.test(window.location.hostname)
+
+  if (shouldSkipWorkerInLocalDev) {
+    return new SessionCore(undefined, { database: new IndexedDbSessionDatabase() })
+  }
+
   try {
     return new WebSession()
   } catch (error) {