# UnifiedFiler v1.9.7-fix2 Notes

## Purpose

This patch addresses Google Identity Services popup stability after v1.9.7 Google Drive UI improvements.

## Changes

- Added single-flight authorization in `GoogleIdentityAuthService`.
- Prevented duplicate concurrent `requestAccessToken()` calls when FileExplorer tree/list/API requests start at the same time.
- Changed the default token prompt from forced `consent` to an empty prompt for normal API requests.
- Kept the Google Drive demo Connect button using `prompt: 'consent'` for explicit user-initiated connection.
- Updated Google Drive browser setup docs with the COOP `window.closed` warning as Host/browser environment guidance.

## Notes

The browser warning `Cross-Origin-Opener-Policy policy would block the window.closed call` is emitted by the Google Identity Services popup flow when the current server opener policy blocks popup opener communication. It is not itself a Drive API error. If the OAuth popup completes and API calls succeed, it can be treated as a browser policy warning.

For Host systems that set COOP headers, use:

```http
Cross-Origin-Opener-Policy: same-origin-allow-popups
```

for pages that start Google Identity Services popup OAuth flows.
