fix(shared,clerk-js): Do not replace current URL if it does not conta…

…in a clerk token (#2879)

* fix(shared,clerk-js): Do not replace current URL if it does not contain a clerk token

* Create calm-pears-attack.md

.changeset/calm-pears-attack.md

@@ -0,0 +1,6 @@
+---
+"@clerk/shared": patch
+"@clerk/clerk-js": patch
+---
+
+fix(shared,clerk-js): Do not replace current URL if it does not contain a clerk token

packages/shared/src/__tests__/devbrowser.test.ts

@@ -49,16 +49,16 @@ describe('getDevBrowserJWTFromURL(url)', () => {
     replaceStateMock.mockReset();
   });
 
-  it('does not replaceState if the url does not contain a dev browser JWT', () => {
-    expect(extractDevBrowserJWTFromURL(new URL('/foo', DUMMY_URL_BASE))).toEqual('');
-    expect(replaceStateMock).not.toHaveBeenCalled();
-  });
-
-  it('does call replaceState if the url contains a dev browser JWT', () => {
+  it('it calls replaceState and clears the url if it contains any devBrowser related token', () => {
     expect(extractDevBrowserJWTFromURL(new URL('/foo?__clerk_db_jwt=token', DUMMY_URL_BASE))).toEqual('token');
     expect(replaceStateMock).toHaveBeenCalled();
   });
 
+  it('it does not call replaceState if the clean url is the same as the current url', () => {
+    expect(extractDevBrowserJWTFromURL(new URL('/foo?__otherParam=hello', DUMMY_URL_BASE))).toEqual('');
+    expect(replaceStateMock).not.toHaveBeenCalled();
+  });
+
   const testCases: Array<[string, string]> = [
     ['', ''],
     ['foo', ''],

packages/shared/src/devBrowser.ts

@@ -26,7 +26,8 @@ export function setDevBrowserJWTInURL(url: URL, jwt: string): URL {
  */
 export function extractDevBrowserJWTFromURL(url: URL): string {
   const jwt = readDevBrowserJwtFromSearchParams(url);
-  if (typeof globalThis.history !== 'undefined') {
+  const cleanUrl = removeDevBrowserJwt(url);
+  if (cleanUrl.href !== url.href && typeof globalThis.history !== 'undefined') {
     globalThis.history.replaceState(null, '', removeDevBrowserJwt(url));
   }
   return jwt;