remove query parameters on refresh

proxy/web/src/ErrorPage.tsx

@@ -7,7 +7,7 @@ import { PoweredByNetBird } from "@/components/PoweredByNetBird";
 import { StatusCard } from "@/components/StatusCard";
 import type { ErrorData } from "@/data";
 
-export function ErrorPage({ code, title, message, proxy = true, destination = true, requestId, simple = false }: ErrorData) {
+export function ErrorPage({ code, title, message, proxy = true, destination = true, requestId, simple = false, retryUrl }: ErrorData) {
   useEffect(() => {
     document.title = `${title} - NetBird Service`;
   }, [title]);
@@ -38,7 +38,7 @@ export function ErrorPage({ code, title, message, proxy = true, destination = tr
 
       {/* Buttons */}
       <div className="flex gap-3 justify-center items-center mb-6 z-10 relative">
-        <Button variant="primary" onClick={() => window.location.reload()}>
+        <Button variant="primary" onClick={() => retryUrl ? window.location.href = retryUrl : window.location.reload()}>
           <RotateCw size={16} />
           Refresh Page
         </Button>

proxy/web/src/data.ts

@@ -13,6 +13,7 @@ export interface ErrorData {
   destination?: boolean
   requestId?: string
   simple?: boolean
+  retryUrl?: string
 }
 
 // Data injected by Go templates

proxy/web/web.go

@@ -7,6 +7,7 @@ import (
 	"html/template"
 	"io/fs"
 	"net/http"
+	"net/url"
 	"path/filepath"
 	"strings"
 )
@@ -171,6 +172,18 @@ func ServeAccessDeniedPage(w http.ResponseWriter, r *http.Request, code int, tit
 			"message":   message,
 			"requestId": requestID,
 			"simple":    true,
+			"retryUrl":  stripAuthParams(r.URL),
 		},
 	}, code)
 }
+
+// stripAuthParams returns the request URI with auth-related query parameters removed.
+func stripAuthParams(u *url.URL) string {
+	q := u.Query()
+	q.Del("session_token")
+	q.Del("error")
+	q.Del("error_description")
+	clean := *u
+	clean.RawQuery = q.Encode()
+	return clean.RequestURI()
+}