Update mcdsl to v1.7.0 (SSO cookie fix for Firefox)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

vendor/git.wntrmute.dev/mc/mcdsl/sso/sso.go

@@ -22,6 +22,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"html"
 	"io"
 	"net/http"
 	"net/url"
@@ -268,6 +269,12 @@ func ConsumeReturnToCookie(w http.ResponseWriter, r *http.Request, prefix string
 
 // RedirectToLogin generates a state, sets the state and return-to cookies,
 // and redirects the user to the MCIAS authorize URL.
+//
+// The redirect is performed via a 200 response with an HTML meta-refresh
+// instead of a 302. Some browsers (notably Firefox) do not reliably store
+// Set-Cookie headers on 302 responses that redirect to a different origin,
+// even when the origins are same-site. Using a 200 response ensures the
+// cookies are stored before the browser navigates away.
 func RedirectToLogin(w http.ResponseWriter, r *http.Request, client *Client, cookiePrefix string) error {
 	state, err := GenerateState()
 	if err != nil {
@@ -276,7 +283,15 @@ func RedirectToLogin(w http.ResponseWriter, r *http.Request, client *Client, coo
 
 	SetStateCookie(w, cookiePrefix, state)
 	SetReturnToCookie(w, r, cookiePrefix)
-	http.Redirect(w, r, client.AuthorizeURL(state), http.StatusFound)
+
+	authorizeURL := client.AuthorizeURL(state)
+	escaped := html.EscapeString(authorizeURL)
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	w.WriteHeader(http.StatusOK)
+	_, _ = fmt.Fprintf(w, `<!DOCTYPE html>
+<html><head><meta http-equiv="refresh" content="0;url=%s"></head>
+<body><p>Redirecting to <a href="%s">MCIAS</a>...</p></body></html>`,
+		escaped, escaped)
 	return nil
 }
 

vendor/modules.txt

@@ -2,7 +2,7 @@
 ## explicit; go 1.24.0
 git.wntrmute.dev/kyle/goutils/certlib/certgen
 git.wntrmute.dev/kyle/goutils/lib
-# git.wntrmute.dev/mc/mcdsl v1.6.0
+# git.wntrmute.dev/mc/mcdsl v1.7.0
 ## explicit; go 1.25.7
 git.wntrmute.dev/mc/mcdsl/auth
 git.wntrmute.dev/mc/mcdsl/config