feat(docs): add decorateUrl to navigate callbacks for Safari ITP support

Why:
Safari's Intelligent Tracking Prevention (ITP) limits cookies set via API
responses from CNAME-cloaked subdomains to 7 days. This causes unexpected
session expiration for Safari users who don't visit frequently. The new
decorateUrl function in setActive/finalize navigate callbacks enables
automatic cookie refresh when needed.

What changed:
- Updated 25 doc files with decorateUrl pattern in navigate callbacks
- Pattern wraps destination URLs and checks if result is absolute (http)
  to determine whether to use window.location.href or router.push()
- Covers all custom flows: auth, legacy auth, Expo partials
- Skipped billing checkout finalize() - different API, not affected

Files: oauth-connections, sign-in-or-up, email-password, email-password-mfa,
email-sms-otp, passkeys, enterprise-connections, legal-acceptance,
embedded-email-links, multi-session-applications, session-tasks,
error-handling, forgot-password, application-invitations, expo partials

Author: nikosdouvlis

docs/_partials/expo/email-pass-sign-in.mdx

@@ -27,8 +27,13 @@ export default function Page() {
 
     if (signIn.status === 'complete') {
       await signIn.finalize({
-        navigate: () => {
-          router.push('/')
+        navigate: ({ decorateUrl }) => {
+          const url = decorateUrl('/')
+          if (url.startsWith('http')) {
+            window.location.href = url
+          } else {
+            router.push(url)
+          }
         },
       })
     }
@@ -44,8 +49,13 @@ export default function Page() {
 
     if (signIn.status === 'complete') {
       await signIn.finalize({
-        navigate: () => {
-          router.push('/')
+        navigate: ({ decorateUrl }) => {
+          const url = decorateUrl('/')
+          if (url.startsWith('http')) {
+            window.location.href = url
+          } else {
+            router.push(url)
+          }
         },
       })
     }

docs/_partials/expo/email-pass-sign-up.mdx

@@ -35,8 +35,13 @@ export default function Page() {
 
     if (signUp.status === 'complete') {
       await signUp.finalize({
-        navigate: () => {
-          router.push('/')
+        navigate: ({ decorateUrl }) => {
+          const url = decorateUrl('/')
+          if (url.startsWith('http')) {
+            window.location.href = url
+          } else {
+            router.push(url)
+          }
         },
       })
     }

docs/guides/development/custom-flows/account-updates/forgot-password.mdx

@@ -92,15 +92,20 @@ This guide demonstrates how to use Clerk's API to build a custom flow for resett
               // the newly created session (user is now signed in)
               setActive({
                 session: result.createdSessionId,
-                navigate: async ({ session }) => {
+                navigate: async ({ session, decorateUrl }) => {
                   if (session?.currentTask) {
                     // Check for tasks and navigate to custom UI to help users resolve them
                     // See https://clerk.com/docs/guides/development/custom-flows/authentication/session-tasks
                     console.log(session?.currentTask)
                     return
                   }
 
-                  router.push('/')
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
               setError('')
@@ -502,15 +507,20 @@ In this case, you can prompt the user to reset their password using the exact sa
               // the newly created session (user is now signed in)
               setActive({
                 session: result.createdSessionId,
-                navigate: async ({ session }) => {
+                navigate: async ({ session, decorateUrl }) => {
                   if (session?.currentTask) {
                     // Check for tasks and navigate to custom UI to help users resolve them
                     // See https://clerk.com/docs/guides/development/custom-flows/authentication/session-tasks
                     console.log(session?.currentTask)
                     return
                   }
 
-                  router.push('/')
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
               setError('')

docs/guides/development/custom-flows/authentication/application-invitations.mdx

@@ -60,8 +60,13 @@ To create a sign-up flow using the invitation token, you need to call the [`sign
         })
         if (signUp.status === 'complete') {
           await signUp.finalize({
-            navigate: () => {
-              router.push('/')
+            navigate: (decorateUrl) => {
+              const url = decorateUrl('/')
+              if (url.startsWith('http')) {
+                window.location.href = url
+              } else {
+                router.push(url)
+              }
             },
           })
         }

docs/guides/development/custom-flows/authentication/email-password-mfa.mdx

@@ -82,8 +82,13 @@ This guide will walk you through how to build a custom email/password sign-in fl
             })
             if (signIn.status === 'complete') {
               await signIn.finalize({
-                navigate: () => {
-                  router.push('/')
+                navigate: (decorateUrl) => {
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
             }
@@ -101,8 +106,13 @@ This guide will walk you through how to build a custom email/password sign-in fl
 
             if (signIn.status === 'complete') {
               await signIn.finalize({
-                navigate: () => {
-                  router.push('/')
+                navigate: (decorateUrl) => {
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
             }
@@ -204,8 +214,13 @@ This guide will walk you through how to build a custom email/password sign-in fl
 
             if (signIn.status === 'complete') {
               await signIn.finalize({
-                navigate: () => {
-                  router.push('/')
+                navigate: (decorateUrl) => {
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
             }

docs/guides/development/custom-flows/authentication/email-password.mdx

@@ -76,8 +76,13 @@ This guide will walk you through how to build a custom email/password sign-up an
           })
           if (signUp.status === 'complete') {
             await signUp.finalize({
-              navigate: () => {
-                router.push('/dashboard')
+              navigate: (decorateUrl) => {
+                const url = decorateUrl('/dashboard')
+                if (url.startsWith('http')) {
+                  window.location.href = url
+                } else {
+                  router.push(url)
+                }
               },
             })
           }
@@ -395,8 +400,13 @@ This guide will walk you through how to build a custom email/password sign-up an
           })
           if (signIn.status === 'complete') {
             await signIn.finalize({
-              navigate: () => {
-                router.push('/')
+              navigate: (decorateUrl) => {
+                const url = decorateUrl('/')
+                if (url.startsWith('http')) {
+                  window.location.href = url
+                } else {
+                  router.push(url)
+                }
               },
             })
           }
@@ -414,8 +424,13 @@ This guide will walk you through how to build a custom email/password sign-up an
 
           if (signIn.status === 'complete') {
             await signIn.finalize({
-              navigate: () => {
-                router.push('/')
+              navigate: (decorateUrl) => {
+                const url = decorateUrl('/')
+                if (url.startsWith('http')) {
+                  window.location.href = url
+                } else {
+                  router.push(url)
+                }
               },
             })
           }

docs/guides/development/custom-flows/authentication/email-sms-otp.mdx

@@ -71,8 +71,13 @@ This guide will walk you through how to build a custom SMS OTP sign-up and sign-
             await signUp.verifications.verifyPhoneCode({ code })
             if (signUp.status === 'complete') {
               await signUp.finalize({
-                navigate: () => {
-                  router.push('/dashboard')
+                navigate: (decorateUrl) => {
+                  const url = decorateUrl('/dashboard')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
             }
@@ -388,8 +393,13 @@ This guide will walk you through how to build a custom SMS OTP sign-up and sign-
             await signIn.phoneCode.verifyCode({ code })
             if (signIn.status === 'complete') {
               await signIn.finalize({
-                navigate: () => {
-                  router.push('/')
+                navigate: (decorateUrl) => {
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    router.push(url)
+                  }
                 },
               })
             }

docs/guides/development/custom-flows/authentication/embedded-email-links.mdx

@@ -88,13 +88,18 @@ This guide will demonstrate how to generate a sign-in token and use it to sign i
                 // If the sign-in was successful, set the session to active
                 if (signIn.status === 'complete') {
                   signIn.finalize({
-                    navigate: async ({ session }) => {
+                    navigate: async ({ session, decorateUrl }) => {
                       if (session?.currentTask) {
                         console.log(session?.currentTask)
                         return
                       }
 
-                      router.push('/')
+                      const url = decorateUrl('/')
+                      if (url.startsWith('http')) {
+                        window.location.href = url
+                      } else {
+                        router.push(url)
+                      }
                     },
                   })
                 } else {
@@ -170,13 +175,18 @@ This guide will demonstrate how to generate a sign-in token and use it to sign i
                 // If the sign-in was successful, set the session to active
                 if (signIn.status === 'complete') {
                   signIn.finalize({
-                    navigate: async ({ session }) => {
+                    navigate: async ({ session, decorateUrl }) => {
                       if (session?.currentTask) {
                         console.log(session?.currentTask)
                         return
                       }
 
-                      router.push('/')
+                      const url = decorateUrl('/')
+                      if (url.startsWith('http')) {
+                        window.location.href = url
+                      } else {
+                        router.push(url)
+                      }
                     },
                   })
                 }

docs/guides/development/custom-flows/authentication/enterprise-connections.mdx

@@ -118,15 +118,20 @@ You must configure your application instance through the Clerk Dashboard for the
           if (createdSessionId) {
             setActive!({
               session: createdSessionId,
-              navigate: async ({ session }) => {
+              navigate: async ({ session, decorateUrl }) => {
                 if (session?.currentTask) {
                   // Check for tasks and navigate to custom UI to help users resolve them
                   // See https://clerk.com/docs/guides/development/custom-flows/authentication/session-tasks
                   console.log(session?.currentTask)
                   return
                 }
 
-                router.push('/')
+                const url = decorateUrl('/')
+                if (url.startsWith('http')) {
+                  window.location.href = url
+                } else {
+                  router.push(url)
+                }
               },
             })
           } else {

docs/guides/development/custom-flows/authentication/legacy/application-invitations.mdx

@@ -225,15 +225,20 @@ To create a sign-up flow using the invitation token, you need to extract the tok
             if (signUpAttempt.status === 'complete') {
               await clerk.setActive({
                 session: signUpAttempt.createdSessionId,
-                navigate: async ({ session }) => {
+                navigate: async ({ session, decorateUrl }) => {
                   if (session?.currentTask) {
                     // Check for tasks and navigate to custom UI to help users resolve them
                     // See https://clerk.com/docs/guides/development/custom-flows/authentication#session-tasks
                     console.log(session?.currentTask)
                     return
                   }
 
-                  await router.push('/')
+                  const url = decorateUrl('/')
+                  if (url.startsWith('http')) {
+                    window.location.href = url
+                  } else {
+                    window.location.href = '/'
+                  }
                 },
               })
             } else {