From 04bb9e3c140d4b559921893040b36158a0dd5957 Mon Sep 17 00:00:00 2001
From: poduck <poduck@gmail.com>
Date: Wed, 3 Dec 2025 15:28:17 -0500
Subject: [PATCH] fix(auth): Allow accept-invite on subdomains without redirect
 to login
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Don't redirect unauthenticated users to login when accessing public paths
like /accept-invite, /verify-email, or /tenant-onboard on subdomains.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 frontend/src/App.tsx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx
index 4509fda..13217b3 100644
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -297,7 +297,12 @@ const AppContent: React.FC = () => {
       : currentHostname;
     const isRootDomainForUnauthUser = currentHostname === baseDomain || currentHostname === 'localhost';
 
-    if (!isRootDomainForUnauthUser) {
+    // Don't redirect for certain public paths that should work on any subdomain
+    const publicPaths = ['/accept-invite', '/verify-email', '/tenant-onboard'];
+    const currentPath = window.location.pathname;
+    const isPublicPath = publicPaths.some(path => currentPath.startsWith(path));
+
+    if (!isRootDomainForUnauthUser && !isPublicPath) {
       // Redirect to root domain login (preserve port)
       const protocol = window.location.protocol;
       const port = window.location.port ? `:${window.location.port}` : '';