fix: password setup, CSRF 403, reboot after install
Critical fixes: - Remove ensure_default_user() — no more auto-creating user with password123. Login page now shows "Create Password" form on first boot. User sets their own password during onboarding flow. - CSRF 403: increased retry delay from 300ms to 500ms for stale cookie recovery after remember-me session restore. - Reboot: multiple fallback methods (/sbin/reboot, sysrq, kill init) when USB is pulled and /usr/sbin isn't available. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -78,10 +78,10 @@ class RPCClient {
|
||||
}
|
||||
throw new Error('Session expired')
|
||||
}
|
||||
// CSRF 403: retry once after short delay (cookie may have been
|
||||
// CSRF 403: retry twice after delay (cookie may have been
|
||||
// updated by a concurrent Set-Cookie response not yet visible to JS)
|
||||
if (response.status === 403 && attempt < maxRetries - 1) {
|
||||
await new Promise((r) => setTimeout(r, 300))
|
||||
await new Promise((r) => setTimeout(r, 500))
|
||||
continue
|
||||
}
|
||||
const err = new Error(`HTTP ${response.status}: ${response.statusText}`)
|
||||
|
||||
Reference in New Issue
Block a user