The application triggers requests to private page from public pages

[come-nc]

This application adds scripts to all pages in the boot method.
The script https://github.com/finally-coffee/nextcloud-pride-flags/blob/main/js/pride.js is as a result loaded even on login and public pages.
This script triggers a request to /apps/pride_flags/settings, which is not a public endpoint.

This will break login flow in some cases, because the forbidden request will kill the session.

Possible solutions:

1. Use an initial state for settings instead
2. Only register the script on private pages, that requires listening to BeforeTemplateRenderedEvent, example: https://github.com/nextcloud/notifications/blob/master/lib/AppInfo/Application.php#L46 and https://github.com/nextcloud/notifications/blob/master/lib/Listener/BeforeTemplateRenderedListener.php#L45-L47

[come-nc]

I tested and it’s not possible to log in with files desktop client when this application is enabled because of this.