fix: prevent auth logout by sending refresh request without expired access token header

js/services/directus.js

@@ -285,16 +285,24 @@ class DirectusService {
         if (!this.refreshToken) return false
         
         try {
-            const response = await this.post('/auth/refresh', {
+            const response = await fetch(`${this.baseUrl}/auth/refresh`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
                     refresh_token: this.refreshToken,
                     mode: 'json'
                 })
+            })
 
-            if (response.data) {
+            if (!response.ok) throw new Error('Refresh failed')
+
+            const result = await response.json()
+            
+            if (result.data) {
                 this.saveTokens(
-                    response.data.access_token,
-                    response.data.refresh_token,
-                    response.data.expires
+                    result.data.access_token,
+                    result.data.refresh_token,
+                    result.data.expires
                 )
                 return true
             }

js/services/notifications.js

@@ -33,6 +33,11 @@ class NotificationsService {
     async refresh() {
         if (!this.userHash) return
 
+        if (!auth.isLoggedIn()) {
+            this.destroy()
+            return
+        }
+
         try {
             const [count, notifications] = await Promise.all([
                 directus.getUnreadCount(this.userHash),
@@ -42,7 +47,9 @@ class NotificationsService {
             this.notifications = notifications
             this.notify()
         } catch (e) {
-            console.error('Failed to fetch notifications:', e)
+            if (e.status === 401 || e.status === 403) {
+                this.stopPolling()
+            }
         }
     }