fix: remove var sessionToken/sessionUser from injected script — conflicted with main script let declarations, killing all JS including logout()

This commit is contained in:
2026-06-01 10:09:14 +00:00
parent 7286b999ff
commit 6ba412a886
+4 -5
View File
@@ -12,19 +12,18 @@ $token = $_SESSION['jarvis_token'];
$name = $_SESSION['jarvis_name'] ?? ''; $name = $_SESSION['jarvis_name'] ?? '';
$html = file_get_contents(__DIR__ . '/index.html'); $html = file_get_contents(__DIR__ . '/index.html');
// 1. Inject token as JS globals — no sessionStorage dependency // Inject token as JS globals — __jarvisToken/__jarvisUser only (no var sessionToken/sessionUser
// which would conflict with the main script's `let` declarations and cause a SyntaxError)
$inject = '<script data-cfasync="false">' $inject = '<script data-cfasync="false">'
. 'var __jarvisToken=' . json_encode($token) . ';' . 'var __jarvisToken=' . json_encode($token) . ';'
. 'var __jarvisUser=' . json_encode($name) . ';' . 'var __jarvisUser=' . json_encode($name) . ';'
. 'var sessionToken=' . json_encode($token) . ';'
. 'var sessionUser=' . json_encode($name) . ';'
. 'try{sessionStorage.setItem("jarvis_token",__jarvisToken);' . 'try{sessionStorage.setItem("jarvis_token",__jarvisToken);'
. 'sessionStorage.setItem("jarvis_user",__jarvisUser);}catch(e){}' . 'sessionStorage.setItem("jarvis_user",__jarvisUser);}catch(e){}'
. '</script>'; . '</script>';
$html = str_replace('<head>', '<head>' . $inject, $html); $html = str_replace('<head>', '<head>' . $inject, $html);
// 2. Force login screen HIDDEN and app VISIBLE at the HTML level // Force login screen hidden and app visible at HTML level so the dashboard
// so even if JS fails the user sees the dashboard, not the login form // shows immediately regardless of JS execution order
$html = str_replace( $html = str_replace(
'<div id="loginScreen">', '<div id="loginScreen">',
'<div id="loginScreen" style="display:none!important">', '<div id="loginScreen" style="display:none!important">',