fix: use per-page blazor startup

README.md

@@ -36,7 +36,7 @@ Backend:
 
 Frontend:
 
-- `RpgRoller/Components/App.razor`: HTML shell that serves the static `/login` auth document or the interactive route set based on request path
+- `RpgRoller/Components/App.razor`: HTML shell that serves the static `/login` auth document or the per-page interactive authenticated route set based on request path
 - `RpgRoller/Components/Routes.razor`: Blazor router and layout hookup
 - `RpgRoller/Components/Layout/MainLayout.razor`: default layout
 - `RpgRoller/Components/Pages/LoginPage.razor`: route marker for the static `/login` auth document
@@ -108,6 +108,13 @@ The frontend now uses a route-first authenticated shell that keeps the anonymous
 
 Inside the authenticated app, `/play`, `/campaigns`, and `/admin` are real Blazor routes, and the hamburger menu navigates between those URLs. `Workspace.razor` is now a shared shell only. Each authenticated route owns its own main content subtree through a route-specific component.
 
+Authenticated interactivity is route-local instead of global:
+
+- `App.razor` no longer applies `@rendermode` to `Routes` or `HeadOutlet`
+- `PlayPage.razor`, `CampaignsPage.razor`, and `AdminPage.razor` each opt into `InteractiveServerRenderMode(prerender: false)` directly
+- Blazor startup is manual with `Blazor.start({ ssr: { disableDomPreservation: true } })` so the app can disable enhanced SSR DOM preservation during interactive attach
+- Header route changes now use full document navigation so moving between authenticated routes remounts the target per-page interactive root instead of trying to reuse the previous page circuit
+
 Interactive bootstrap is now route-local:
 
 - `WorkspaceRouteView.razor` performs the first-render JS-dependent session initialization for the authenticated route that mounted
@@ -190,12 +197,13 @@ SQLite migration rule:
 
 ## Frontend Runtime
 
-- The UI runs as Blazor Server for authenticated routes and as plain HTML plus JavaScript for the anonymous `/login` document.
+- The UI runs as route-local Blazor Server components for authenticated routes and as plain HTML plus JavaScript for the anonymous `/login` document.
 - Static assets are linked through Blazor's `@Assets[...]` pipeline for fingerprinted cache-busting URLs.
 - Workspace reads are resolved through API requests in `WorkspaceQueryService`; browser interop stays focused on auth forms, session storage, SSE wiring, and small DOM helpers.
 - Interactive authenticated startup begins in `WorkspaceRouteView.razor` after first render because `RpgRollerApiClient` still depends on JS interop-backed `fetch`.
 - Workspace startup diagnostics now log route initialization, route-content render phases, and browser-side workspace mutation snapshots to help isolate the remaining Firefox startup crash documented in `POSTMORTEM.md`.
 - Pre-Blazor diagnostics also watch the static `#rr-interactive-host` container before `_framework/blazor.web.js` connects, so extension-driven DOM mutations can be compared against the first failing interactive batch.
+- Authenticated routes now avoid global `Routes @rendermode` because upstream issue `dotnet/aspnetcore#58824` reports Firefox-specific failures with global interactivity and explicitly calls out per-page mode as the safer path.
 - Authenticated routes now mount through phased interactive batches: minimal shell first, then a simple header placeholder, then route skeletons, and only then the real header and control-heavy route content after route initialization succeeds.
 - Live workspace refresh compares separate roster, per-character sheet, and log versions so unrelated changes do not trigger full reloads.
 - Campaign log data is loaded in bounded slices: campaign summaries, one selected roster, one selected character sheet, and a 25-row incremental log window from `/api/campaigns/{campaignId}/log/page`.