Desktop: always navigate through /machines/handshake to set cookies in first-party context

apps/desktop/src/main.tsx

@@ -441,24 +441,15 @@ function App() {
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ machineToken: token, rememberMe: true }),
       })
-      if (!res.ok) {
-        // Fallback para o handshake por redirecionamento
-        const persona = (config?.accessRole ?? accessRole) === "manager" ? "manager" : "collaborator"
-        const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/debug"
-        const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
-        window.location.href = url
-        return
-      }
+      // Independente do resultado do POST, seguimos para o handshake em
+      // navegação de primeiro plano para garantir gravação de cookies.
     } catch {
-      const persona = (config?.accessRole ?? accessRole) === "manager" ? "manager" : "collaborator"
-      const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/debug"
-      const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
-      window.location.href = url
-      return
+      // ignoramos e seguimos para o handshake
     }
     const persona = (config?.accessRole ?? accessRole) === "manager" ? "manager" : "collaborator"
-    const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/debug"
-    window.location.href = `${resolvedAppUrl}${redirectTarget}`
+    const redirectTarget = persona === "manager" ? "/dashboard" : "/portal"
+    const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
+    window.location.href = url
   }, [token, config?.accessRole, accessRole, resolvedAppUrl, apiBaseUrl])
 
   async function reprovision() {