From 5773aa69f38e5520b83ea348cf0ecf9fbb3e125e Mon Sep 17 00:00:00 2001
From: Esdras Renan <monkeyesdras@gmail.com>
Date: Tue, 14 Oct 2025 21:08:30 -0300
Subject: [PATCH] Desktop: always navigate through /machines/handshake to set
 cookies in first-party context

---
 apps/desktop/src/main.tsx | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/apps/desktop/src/main.tsx b/apps/desktop/src/main.tsx
index e152423..ad866cb 100644
--- a/apps/desktop/src/main.tsx
+++ b/apps/desktop/src/main.tsx
@@ -441,24 +441,15 @@ function App() {
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ machineToken: token, rememberMe: true }),
       })
-      if (!res.ok) {
-        // Fallback para o handshake por redirecionamento
-        const persona = (config?.accessRole ?? accessRole) === "manager" ? "manager" : "collaborator"
-        const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/debug"
-        const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
-        window.location.href = url
-        return
-      }
+      // Independente do resultado do POST, seguimos para o handshake em
+      // navegação de primeiro plano para garantir gravação de cookies.
     } catch {
-      const persona = (config?.accessRole ?? accessRole) === "manager" ? "manager" : "collaborator"
-      const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/debug"
-      const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
-      window.location.href = url
-      return
+      // ignoramos e seguimos para o handshake
     }
     const persona = (config?.accessRole ?? accessRole) === "manager" ? "manager" : "collaborator"
-    const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/debug"
-    window.location.href = `${resolvedAppUrl}${redirectTarget}`
+    const redirectTarget = persona === "manager" ? "/dashboard" : "/portal"
+    const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
+    window.location.href = url
   }, [token, config?.accessRole, accessRole, resolvedAppUrl, apiBaseUrl])
 
   async function reprovision() {