You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
iOS PWA: recurring "forbidden" (403) errors caused by CSRF token desync after app resume. The server now sends the correct CSRF token as X-CSRF-Token response header on every API response (not just /auth/me and /auth/login). The client reads the header from every response - including 403 errors - enabling instant self-healing without an extra /auth/me round-trip. SW cache bumped to v33 to ensure iOS PWA users pick up the fix.