Select the types of activity you want to include in your feed.
Add localStorage fallback for PWA OAuth
When navigating through external OAuth providers, window.opener is lost, causing postMessage to fail. The callback now stores the result in localStorage as a fallback mechanism.
···2233All notable changes to this project will be documented in this file.
4455+## [2.5.1] - 2025-01-09
66+77+### Fixed
88+99+- **PWA OAuth localStorage fallback**: Added localStorage-based communication as
1010+ a fallback for PWA OAuth flows. When navigating through external OAuth
1111+ providers (like bsky.social), the `window.opener` reference is lost, causing
1212+ `postMessage` to fail. The callback now stores the result in localStorage,
1313+ which the opener can read via the `storage` event or by checking localStorage
1414+ when the popup closes.
1515+516## [2.5.0] - 2025-01-09
617718### Added
···2334// PWA detects standalone mode and opens OAuth in popup
2435const popup = window.open("/login?handle=user.bsky&pwa=true", "oauth-popup");
25362626-// Listen for postMessage from popup
2727-window.addEventListener("message", (event) => {
2828- if (event.data.type === "oauth-callback" && event.data.success) {
3737+// Listen for both postMessage and localStorage
3838+window.addEventListener("message", handleOAuthResult);
3939+window.addEventListener("storage", (e) => {
4040+ if (e.key === "pwa-oauth-result") handleOAuthResult(JSON.parse(e.newValue));
4141+});
4242+4343+function handleOAuthResult(data) {
4444+ if (data.type === "oauth-callback" && data.success) {
2945 // Session cookie is set, reload to pick it up
3046 location.reload();
3147 }
3232-});
4848+}
3349```
34503551### Security
36523753- PWA callbacks still set the session cookie for API authentication
3854- The `postMessage` only sends `did` and `handle` (no tokens)
3939-- Fallback redirect to home page if `window.opener` is unavailable
5555+- localStorage data is cleared after successful read
40564157## [2.4.0] - 2025-12-14
4258