fix(auth): preserve key string in key_checked to prevent access denied on navigation

key_checked was set to boolean true in Case 3, which +layout.svelte then persisted back to localStorage. On the next keyless navigation, the check true === 'actual-key-string' always failed, causing Access Denied after just one internal page navigation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 09:44:34 -04:00
parent 62e1115b05
commit 113aae23a7
1 changed files with 6 additions and 0 deletions
--- a/src/routes/+layout.ts
+++ b/src/routes/+layout.ts
@@ -466,6 +466,12 @@ export async function load({ fetch, params, parent, route, url }) {
                        (stored_key === ae_loc_init['site_access_key'] ||
                            stored_key === ae_loc_init['site_domain_access_key'])
                    ) {
+                        // IMPORTANT: set key_checked to the actual key string, NOT true.
+                        // If we leave key_checked = true (boolean), +layout.svelte will
+                        // persist that back to localStorage, clobbering the key string.
+                        // On the very next navigation, true === 'actual-key' fails and
+                        // every subsequent page shows "Access Denied".
+                        ae_loc_init['key_checked'] = stored_key;
                        ae_loc_init['allow_access'] = stored_key;
                    }
                }