Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 505ef3ab0484efaf695b77b40e7ee75accb6be0b
      
https://github.com/WebKit/WebKit/commit/505ef3ab0484efaf695b77b40e7ee75accb6be0b
  Author: Chris Dumez <[email protected]>
  Date:   2026-05-20 (Wed, 20 May 2026)

  Changed paths:
    M Source/WebCore/Modules/fetch/FetchResponse.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Source/WebCore/page/QuirksData.h

  Log Message:
  -----------
  claude.ai: Quirk to work around chat stuck in infinite reload loop after logout
https://bugs.webkit.org/show_bug.cgi?id=315164
rdar://174779259

Reviewed by Brent Fulgham.

The Claude SPA's logout flow uses fetch('/api/auth/logout') to log the user
out. The server response clears the auth cookies, but leaves several
identification cookies (__ssid, __cf_bm, anthropic-device-id, lastActiveOrg,
activitySessionId) behind. On the next /chat boot, those non-auth cookies
are enough to push the SPA into an authenticated boot path; the bootstrap
call then 403s with "account_session_invalid", and the SPA reacts with
location.href = '/logout?...', producing an indefinite /chat <-> /logout
loop.

The bug appears to be on Anthropic's side; this quirk works around it by
deleting the surviving cookies after we observe a successful fetch to
claude.ai/api/auth/logout. The hook lives in
FetchResponse::Loader::didReceiveResponse so it fires for the SPA's logout
fetch.

* Source/WebCore/Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::Loader::didReceiveResponse):
* Source/WebCore/page/Quirks.cpp:
* Source/WebCore/page/Quirks.h:
* Source/WebCore/page/QuirksData.h:

Canonical link: https://commits.webkit.org/313632@main
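
The cookie state described in the log message, as an added JavaScript model that is not part of the commit and is not WebKit code. The five cookie names and the logout endpoint come from the log message; the auth cookie name, the Set-Cookie header and the 2xx meaning of "successful" are assumptions made for illustration.

```javascript
// Added model, not WebKit code. The jar is a Map of cookie name -> value.
// Cookie names and the logout endpoint are from the commit message;
// "auth-session-example" is a constructed placeholder for the auth cookie.
const LEFTOVER_COOKIES = ["__ssid", "__cf_bm", "anthropic-device-id",
                          "lastActiveOrg", "activitySessionId"];

// Parse one Set-Cookie header; `expired` means "this header deletes the cookie".
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  let maxAge = null, expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
  }
  // RFC 6265: Max-Age takes precedence over Expires.
  const expired = maxAge !== null ? maxAge <= 0 : expires !== null && expires <= Date.now();
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), expired };
}

// Apply a response's Set-Cookie headers to the jar.
function applySetCookies(jar, headers) {
  for (const c of headers.map(parseSetCookie).filter(Boolean)) {
    if (c.expired) jar.delete(c.name); else jar.set(c.name, c.value);
  }
}

// Model of the quirk: after a successful (assumed: 2xx) logout fetch,
// delete the cookies the server left behind. Returns the names removed.
function applyLogoutQuirk(jar, requestURL, status) {
  const url = new URL(requestURL);
  const isLogout = url.hostname === "claude.ai" && url.pathname === "/api/auth/logout";
  if (!isLogout || status < 200 || status > 299) return [];
  return LEFTOVER_COOKIES.filter((name) => jar.delete(name));
}

// Constructed scenario: one auth cookie plus the five identification cookies.
function simulateLogout(withQuirk) {
  const jar = new Map([["auth-session-example", "s1"],
                       ...LEFTOVER_COOKIES.map((n) => [n, "x"])]);
  applySetCookies(jar, ["auth-session-example=; Path=/; Max-Age=0"]);
  if (withQuirk) applyLogoutQuirk(jar, "https://claude.ai/api/auth/logout", 200);
  return [...jar.keys()];
}
```

Without the quirk, simulateLogout returns the five identification cookies that survive the logout response; with it, the jar is empty.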


