0perationPrivacy / VoIP

Web-based Telnyx/Twilio VoIP interface enabling SMS, MMS and voice calls using the provider's API keys and self-hosting the application.
https://VoIP.OperationPrivacy.com
GNU General Public License v3.0

Able to access messages in Heroku app without knowing configured APPDIRECTORY #110

Closed GrahamBreydon closed 2 years ago

GrahamBreydon commented 2 years ago

To Reproduce

  1. Navigate to the normal URL for the app (e.g. voip.herokuapp.com/qwerty1234567/dashboard). It opens normally.
  2. Navigate to e.g. voip.herokuapp.com, it comes up with the 404 page.
  3. Refresh the 404 page twice and then click "back". You are redirected to a directory called e.g. voip.herokuapp.com/undefined/dashboard, which is identical to e.g. voip.herokuapp.com/qwerty1234567/dashboard
  4. If logging in rather than returning to the app, the same is true but you are redirected to a login screen at voip.herokuapp.com instead of the dashboard. On entering login details, you are redirected to e.g. voip.herokuapp.com/undefined/dashboard

Expected behavior

When a custom appdirectory is set you can only login and view messages from that directory.

0perationPrivacy commented 2 years ago

I can reproduce the above, fix is on the way. It happens due to the web page caching everything. Really hard to clear login session for a domain without logging out the user every time. But I couldn't get to a login page without first knowing the custom directory. After that the session is cached so it doesn't kick you out even if you're on the wrong directory.

Will work on this without breaking browser functionality hopefully soon.