From: nobodyz <n3otrax@xenonet.cc>
Subject: [PATCH] Filter out auth callback URLs from current-url persistence

When Butler saves the current URL on page load, it may store OAuth
callback URLs containing one-time auth codes. On next launch, Butler
tries to reload this expired callback URL, causing repeated failed
authentication attempts against the Home Assistant server.

Filter out URLs containing "auth_callback" query parameters and save
the server base URL instead.

--- a/src/MainWindow.vala
+++ b/src/MainWindow.vala
@@ -360,7 +360,13 @@
         string current_url = web_view.uri;

-        App.settings.set_string ("current-url", current_url);
+        // Don't persist OAuth callback URLs as they contain one-time
+        // auth codes that will fail on next launch
+        if ("auth_callback" in current_url) {
+            App.settings.set_string ("current-url", server);
+        } else {
+            App.settings.set_string ("current-url", current_url);
+        }

         if (current_url.has_prefix (default_server)) {