From 113aae23a705fb1e38a807c0df235e3a77bbcda4 Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Wed, 1 Apr 2026 09:44:34 -0400 Subject: [PATCH] fix(auth): preserve key string in key_checked to prevent access denied on navigation key_checked was set to boolean true in Case 3, which +layout.svelte then persisted back to localStorage. On the next keyless navigation, the check true === 'actual-key-string' always failed, causing Access Denied after just one internal page navigation. Co-Authored-By: Claude Sonnet 4.6 --- src/routes/+layout.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/routes/+layout.ts b/src/routes/+layout.ts index 0aef077b..241b7fea 100644 --- a/src/routes/+layout.ts +++ b/src/routes/+layout.ts @@ -466,6 +466,12 @@ export async function load({ fetch, params, parent, route, url }) { (stored_key === ae_loc_init['site_access_key'] || stored_key === ae_loc_init['site_domain_access_key']) ) { + // IMPORTANT: set key_checked to the actual key string, NOT true. + // If we leave key_checked = true (boolean), +layout.svelte will + // persist that back to localStorage, clobbering the key string. + // On the very next navigation, true === 'actual-key' fails and + // every subsequent page shows "Access Denied". + ae_loc_init['key_checked'] = stored_key; ae_loc_init['allow_access'] = stored_key; } }