fix: inject token as JS global (no sessionStorage needed), skip bridge.php, direct login→app

This commit is contained in:
2026-06-01 10:01:00 +00:00
parent 2af5c03f1a
commit e0fc31332c
3 changed files with 16 additions and 7 deletions
+7 -2
View File
@@ -9,6 +9,11 @@ if (empty($_SESSION['jarvis_token'])) {
$token = $_SESSION['jarvis_token'];
$name = $_SESSION['jarvis_name'] ?? '';
$html = file_get_contents(__DIR__ . '/index.html');
$inject = '<script>sessionStorage.setItem("jarvis_token",' . json_encode($token)
. ');sessionStorage.setItem("jarvis_user",' . json_encode($name) . ');</script>';
// Inject token as JS globals — no sessionStorage dependency at all
$inject = '<script data-cfasync="false">'
. 'var __jarvisToken=' . json_encode($token) . ';'
. 'var __jarvisUser=' . json_encode($name) . ';'
. 'try{sessionStorage.setItem("jarvis_token",__jarvisToken);'
. 'sessionStorage.setItem("jarvis_user",__jarvisUser);}catch(e){}'
. '</script>';
echo str_replace('<head>', '<head>' . $inject, $html);