FIX: Scope the `cn` to the subfolder

app/assets/javascripts/discourse/widgets/notification-item.js.es6

@@ -143,7 +143,8 @@ createWidget("notification-item", {
     const id = this.attrs.id;
     setTransientHeader("Discourse-Clear-Notifications", id);
     if (document && document.cookie) {
-      document.cookie = `cn=${id}; expires=Fri, 31 Dec 9999 23:59:59 GMT`;
+      let path = Discourse.BaseUri || "/";
+      document.cookie = `cn=${id}; path=${path}; expires=Fri, 31 Dec 9999 23:59:59 GMT`;
     }
     if (wantsNewWindow(e)) {
       return;

app/controllers/application_controller.rb

@@ -257,7 +257,9 @@ class ApplicationController < ActionController::Base
         Notification.read(current_user, notification_ids)
         current_user.reload
         current_user.publish_notifications_state
-        cookies.delete('cn')
+        cookie_args = {}
+        cookie_args[:path] = Discourse.base_uri if Discourse.base_uri.present?
+        cookies.delete('cn', cookie_args)
       end
     end
   end

spec/requests/topics_controller_spec.rb

@@ -1281,6 +1281,7 @@ RSpec.describe TopicsController do
 
     describe 'clear_notifications' do
       it 'correctly clears notifications if specified via cookie' do
+        Discourse.stubs(:base_uri).returns("/eviltrout")
         notification = Fabricate(:notification)
         sign_in(notification.user)
 
@@ -1290,6 +1291,7 @@ RSpec.describe TopicsController do
 
         expect(response.status).to eq(200)
         expect(response.cookies['cn']).to eq(nil)
+        expect(response.headers['Set-Cookie']).to match(/^cn=;.*path=\/eviltrout/)
 
         notification.reload
         expect(notification.read).to eq(true)