Conversation
# [1.11.0-dev.3](v1.11.0-dev.2...v1.11.0-dev.3) (2026-05-04) ### Bug Fixes * persist anonymous tokens and stop logout-cascade on anon sessions ([825db93](825db93))
The extension's content scripts (nibble, console-crane) inject @modular-rest/client into every page. Because content scripts share localStorage with the host, modular-rest's saveSession (and our explicit cache write) was overwriting the dashboard's own `token` localStorage key on subturtle.app and localhost:3000 — wiping the user's session and forcing them back to /auth/login on the next reload or new tab. Patch Storage.prototype.setItem/removeItem at module load (before @modular-rest/client is imported) to no-op on `token` writes when the host is the dashboard. Extension auth still works via chrome.storage.sync; we only lose the per-page LS cache on dashboard origins (one extra /user/loginAnonymous call per content-script mount, which is negligible). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# [1.11.0-dev.4](v1.11.0-dev.3...v1.11.0-dev.4) (2026-05-06) ### Bug Fixes * [#86](https://github.com/codebridger/subturtle-extension-apps/issues/86)exgqfpu skip token writes to host LS on dashboard origins ([838451e](838451e)), closes [#86exgqfpu](https://github.com/codebridger/subturtle-extension-apps/issues/86exgqfpu)
Collaborator
Author
|
Task linked: CU-86exgqfpu Fix inconsistency on payment process |
navidshad
changed the title
|
🎉 This PR is included in version 1.11.1-dev.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
|
🎉 This PR is included in version 1.11.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🏷️ PR Title:
Fix: Skip token writes to host local storage on dashboard origins
📋 Summary
This PR introduces a fix to prevent token writes to the host's local storage when operating on dashboard origins. It also includes routine release chore commits for versions 1.11.0-dev.3 and 1.11.0-dev.4.
🔗 Related Tasks
#86exgqfpu - Skip token writes to host local storage on dashboard origins
📝 Additional Details
The change improves security and data integrity by avoiding unnecessary token storage on certain origins, specifically dashboard-related domains.
📜 Commit List
838451e fix: #86exgqfpu skip token writes to host LS on dashboard origins
6a6cb72 chore(release): 1.11.0-dev.3 [skip ci]
335ecbd chore(release): 1.11.0-dev.4 [skip ci]
fd7372b Merge remote-tracking branch 'origin/HEAD' into dev