From 35a0c4d6ce9f43fa2b3863d5230fd97461190e2d Mon Sep 17 00:00:00 2001
From: fahed <fahed@softhouse.io>
Date: Fri, 6 Mar 2026 23:37:21 +0300
Subject: [PATCH] fix: allow unauthenticated access to public review pages

The 401 handler in api.js was redirecting to /login on ALL pages,
including public review/approval pages, defeating their purpose.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 client/src/utils/api.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/client/src/utils/api.js b/client/src/utils/api.js
index 597dac5..eee33bf 100644
--- a/client/src/utils/api.js
+++ b/client/src/utils/api.js
@@ -37,8 +37,10 @@ const normalize = (data) => {
 const handleResponse = async (r, label) => {
   if (!r.ok) {
     if (r.status === 401) {
-      // Unauthorized (not logged in) - redirect to login if not already there
-      if (!window.location.pathname.includes('/login')) {
+      // Unauthorized — redirect to login unless on a public page
+      const p = window.location.pathname;
+      const isPublic = p.startsWith('/review/') || p.startsWith('/review-post/') || p.startsWith('/submit-issue') || p.startsWith('/track/');
+      if (!p.includes('/login') && !isPublic) {
         window.location.href = '/login';
       }
     }