From d576a0fe2d03d5695786a2c7a1934c247e02cb73 Mon Sep 17 00:00:00 2001
From: Jared Vititoe <jjvititoe1@gmail.com>
Date: Tue, 17 Mar 2026 20:43:08 -0400
Subject: [PATCH] Auto-reload on auth timeout (401 response)

Wrap window.fetch so any 401 triggers window.location.reload(),
sending the browser back through the Authelia proxy to the login page.
Covers all pages since app.js is loaded by base.html.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 static/app.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/static/app.js b/static/app.js
index d964102..a9c2cd5 100644
--- a/static/app.js
+++ b/static/app.js
@@ -1,5 +1,19 @@
 'use strict';
 
+// ── Auto-redirect on auth timeout ─────────────────────────────────────
+// Intercept all fetch() calls: if the server returns 401 (auth expired),
+// reload the page so Authelia redirects to the login screen.
+(function () {
+  const _fetch = window.fetch;
+  window.fetch = async function (...args) {
+    const resp = await _fetch(...args);
+    if (resp.status === 401) {
+      window.location.reload();
+    }
+    return resp;
+  };
+})();
+
 // ── Toast notifications — delegates to lt.toast from base.js ─────────
 function showToast(msg, type = 'success') {
   if (type === 'error')   return lt.toast.error(msg);