Merged in fix/webview-fix (pull request #2512)

Let webview pass if we have it stored but they are not sending any auth token

* Let webview pass if we have it stored but they are not sending any auth token

apps/scandic-web/middlewares/webView.ts

@@ -68,9 +68,17 @@ export const middleware: NextMiddleware = async (request) => {
   const authorizationToken = request.headers.get("X-Authorization")
   const webviewTokenCookie = request.cookies.get("webviewToken")
 
-  if (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) {
-    // since the token exists, this is a subsequent visit
-    // we're done, allow it
+  if (
+    (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) ||
+    (webviewTokenCookie && !authorizationToken)
+  ) {
+    // If the webviewToken cookie is present and matches the authorization token,
+    // we can skip decryption and just rewrite the request with the existing cookie.
+    // OR
+    // If the webviewToken cookie is present but no authorization token is provided
+    // we can skip the decryption and see if our cookie is valid.
+    // This handles when the app is navigating between pages inside the webview
+
     return handleWebviewRewrite({
       nextUrl,
       headers,