- Add reload_to_origin(): saves initial iframe URL (with ?uuid=) to sessionStorage
on mount; all reload buttons use it instead of bare location.reload() so the UUID
is preserved after internal SvelteKit navigation strips it from the URL
- Fix TTL short-circuit to also check $ae_loc permissions — without this, a store
reset (browser restart, stale localStorage) while the TTL was still valid would
skip re-verification and fall straight to Access Denied
- Extend Novi verification TTL from 5 to 25 minutes
- Add Clear Cache & Reload option to the Access Denied state (iframe mode)
- Move Novi UUID debug info on Access Denied page to edit_mode only; UUID line
at bottom of auth'd pages stays always visible for troubleshooting
- Remove expired temporary tech-notice variables (template block was already commented out)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2855e091f7