When you navigate to an invite page (eg: https://files.mateimarica.dev/?invite=g_ZfWo4), it will refresh repeatedly forever, making the page unusable.
The URL ends up looking like https://files.mateimarica.dev/?invite=geZfWeq&signout=server&signout=server&signout=server&signout=server&signout=server ...
Cause
This is because the invite page makes a GET /notes on load. An INVITEE does not have permission to access that endpoint. So, /note will return a 444 response code, meaning "invalid access token".
As a response to the 444, the page will try to do a POST /login/refresh. However, invitees don't have refresh tokens, so this will return 400. Now the page will retry to log the user out by attaching a query param to the URL and refreshing the page:
window.location.search += '&signout=server';
However, the ?invite=g_ZfWo4 query param will still be attached. So, the the page will log the invitee in and the loop continues.
Solution
Make sure all the code related to the notesArea does not run for invite pages.
Clear all parameters from URL before adding signout parameter.
Problem
When you navigate to an invite page (eg:
https://files.mateimarica.dev/?invite=g_ZfWo4), it will refresh repeatedly forever, making the page unusable.The URL ends up looking like
https://files.mateimarica.dev/?invite=geZfWeq&signout=server&signout=server&signout=server&signout=server&signout=server...Cause
This is because the invite page makes a
GET /noteson load. AnINVITEEdoes not have permission to access that endpoint. So,/notewill return a444response code, meaning "invalid access token".As a response to the
444, the page will try to do aPOST /login/refresh. However, invitees don't have refresh tokens, so this will return400. Now the page will retry to log the user out by attaching a query param to the URL and refreshing the page:However, the
?invite=g_ZfWo4query param will still be attached. So, the the page will log the invitee in and the loop continues.Solution
signoutparameter.