Merge pull request #21 from codebridger/dev

Skip token writes to host local storage on dashboard origins #86exgqfpu

Author: navidshad

CHANGELOG-DEV.md

@@ -1,3 +1,17 @@
+# [1.11.0-dev.4](https://github.com/codebridger/subturtle-extension-apps/compare/v1.11.0-dev.3...v1.11.0-dev.4) (2026-05-06)
+
+
+### Bug Fixes
+
+* [#86](https://github.com/codebridger/subturtle-extension-apps/issues/86)exgqfpu skip token writes to host LS on dashboard origins ([838451e](https://github.com/codebridger/subturtle-extension-apps/commit/838451e9ad10d3a3755691b4ca586a0d3815a008)), closes [#86exgqfpu](https://github.com/codebridger/subturtle-extension-apps/issues/86exgqfpu)
+
+# [1.11.0-dev.3](https://github.com/codebridger/subturtle-extension-apps/compare/v1.11.0-dev.2...v1.11.0-dev.3) (2026-05-04)
+
+
+### Bug Fixes
+
+* persist anonymous tokens and stop logout-cascade on anon sessions ([825db93](https://github.com/codebridger/subturtle-extension-apps/commit/825db93ddf441d9c1791ae45016d85e98360e856))
+
 # [1.11.0-dev.2](https://github.com/codebridger/subturtle-extension-apps/compare/v1.11.0-dev.1...v1.11.0-dev.2) (2026-05-03)
 
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "subturtle-extension",
-  "version": "1.11.0",
+  "version": "1.11.0-dev.4",
   "private": true,
   "scripts": {
     "dev": "webpack --watch",
@@ -60,4 +60,4 @@
     "vue": "3.5.17",
     "vue-router": "4.5.1"
   }
-}
+}

src/plugins/modular-rest.ts

@@ -1,3 +1,43 @@
+// IMPORTANT: must precede any import that may touch localStorage at module load.
+// Content scripts run in an "isolated world" that shares localStorage with the
+// host page. The dashboard at *.subturtle.app and localhost:3000 (dev) uses
+// `token` as its own localStorage key for the user's session — when the
+// extension's modular-rest client (or our explicit cache write below) writes
+// the extension's anonymous token there, it clobbers the dashboard user's
+// session and bounces them to /auth/login on the next reload or new tab.
+//
+// Block 'token' writes/removes from the content-script side on those origins.
+// The extension already persists tokens to chrome.storage.sync via the
+// background script, so losing the per-page localStorage cache only costs
+// one extra /user/loginAnonymous call per content-script mount on dashboard
+// origins — it does NOT break extension auth.
+function isDashboardOrigin(): boolean {
+  if (typeof window === "undefined") return false;
+  const host = window.location.hostname;
+  const port = window.location.port;
+  return (
+    (host === "localhost" && port === "3000") ||
+    host === "subturtle.app" ||
+    host === "www.subturtle.app" ||
+    host === "dashboard.subturtle.app" ||
+    host === "www.dashboard.subturtle.app"
+  );
+}
+
+if (typeof Storage !== "undefined" && isDashboardOrigin()) {
+  const origSet = Storage.prototype.setItem;
+  const origRm = Storage.prototype.removeItem;
+  Storage.prototype.setItem = function (k: string, v: string) {
+    // Only suppress writes to localStorage on the dashboard, never sessionStorage.
+    if (this === window.localStorage && k === "token") return;
+    return origSet.call(this, k, v);
+  };
+  Storage.prototype.removeItem = function (k: string) {
+    if (this === window.localStorage && k === "token") return;
+    return origRm.call(this, k);
+  };
+}
+
 import { GlobalOptions, authentication } from "@modular-rest/client";
 
 import { sendMessage, sendMessageToTabs } from "../common/helper/massage";

static/manifest.json

@@ -1,7 +1,7 @@
 {
 	"name": "Subturtle",
 	"description": "Turn video subtitles into English lessons. Learn new vocabulary in context as you watch on YouTube and Netflix.",
-	"version": "1.11.0",
+	"version": "1.11.0.4",
 	"manifest_version": 3,
 	"icons": {
 		"128": "/assets/logo-128.png",
@@ -79,5 +79,6 @@
 				"<all_urls>"
 			]
 		}
-	]
-}
+	],
+	"version_name": "1.11.0-dev.4"
+}