Summary of Changes

Hello @westonruter, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the handling of browser back/forward cache (bfcache) in scenarios involving WordPress's interim login modal. By introducing a BroadcastChannel for cross-tab communication, it ensures that the authentication state is consistently synchronized across all open instances of the application. This prevents the display of stale or unauthorized content from bfcache, particularly after a user's session changes or a different user logs in, thereby improving security and user experience.

Highlights

• Dynamic Session Token Tracking: The bfcache-invalidation.js script now uses a let variable latestSessionToken instead of a const initialSessionToken. This allows the session token to be updated dynamically, ensuring that the bfcache invalidation logic always compares against the most current authentication state.
• BroadcastChannel Integration for bfcache Invalidation: A new BroadcastChannel named nocache_bfcache_interim_login has been introduced in bfcache-invalidation.js. This channel listens for messages, and upon receiving one, it updates latestSessionToken. This mechanism not only keeps the session token current but also leverages the BroadcastChannel's inherent ability to block bfcache restoration when a message is received, preventing sensitive authenticated content from being exposed if a different user logs in via the interim login.
• PHP Integration for Interim Login Events: A new PHP function, print_interim_login_script, has been added to nocache-bfcache.php. This function hooks into the login_footer action and injects an inline JavaScript module onto the interim login screen. This script uses the same BroadcastChannel to post messages, signaling when a re-authentication is needed or has been successful, thereby triggering the bfcache invalidation logic in other open tabs/windows.
• JSHint Configuration Update: The package.json file has been updated to include jshintConfig, specifically adding "BroadcastChannel": false to the globals section. This ensures that JSHint correctly recognizes BroadcastChannel as a predefined global variable, preventing linting errors.

Code Review

This pull request integrates with the WordPress interim login modal to improve bfcache invalidation logic. It introduces a BroadcastChannel to communicate between the main window and the login modal. My review identifies a critical issue with a call to a non-existent function in the PHP code, an incorrect linting configuration in package.json, and a maintainability issue with a hardcoded string duplicated across files. I've provided suggestions to fix these issues.