You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
iOS: persistent "forbidden" (403) errors caused by iOS Safari/PWA not reliably exposing CSRF cookie via document.cookie. CSRF token is now returned in the response body of /auth/login and /auth/me and stored in-memory, bypassing cookie read issues entirely. Cookie is still set as fallback.
CSRF retry: /auth/me refresh now reads the token from the response body instead of relying on the cookie being available. Also handles expired sessions (401) during retry instead of silently failing.