diff --git a/client/src/utils/api.js b/client/src/utils/api.js
index 597dac5..eee33bf 100644
--- a/client/src/utils/api.js
+++ b/client/src/utils/api.js
@@ -37,8 +37,10 @@ const normalize = (data) => {
 const handleResponse = async (r, label) => {
   if (!r.ok) {
     if (r.status === 401) {
-      // Unauthorized (not logged in) - redirect to login if not already there
-      if (!window.location.pathname.includes('/login')) {
+      // Unauthorized — redirect to login unless on a public page
+      const p = window.location.pathname;
+      const isPublic = p.startsWith('/review/') || p.startsWith('/review-post/') || p.startsWith('/submit-issue') || p.startsWith('/track/');
+      if (!p.includes('/login') && !isPublic) {
         window.location.href = '/login';
       }
     }