fix: harden autocomplete endpoint security and error handling

surfsense_web/app/desktop/suggestion/page.tsx

@@ -36,9 +36,17 @@ const AUTO_DISMISS_MS = 3000;
 export default function SuggestionPage() {
 	const [suggestion, setSuggestion] = useState("");
 	const [isLoading, setIsLoading] = useState(true);
+	const [isDesktop, setIsDesktop] = useState(true);
 	const [error, setError] = useState<string | null>(null);
 	const abortRef = useRef<AbortController | null>(null);
 
+	useEffect(() => {
+		if (!window.electronAPI?.onAutocompleteContext) {
+			setIsDesktop(false);
+			setIsLoading(false);
+		}
+	}, []);
+
 	useEffect(() => {
 		if (!error) return;
 		const timer = setTimeout(() => {
@@ -153,6 +161,16 @@ export default function SuggestionPage() {
 		return cleanup;
 	}, [fetchSuggestion]);
 
+	if (!isDesktop) {
+		return (
+			<div className="suggestion-tooltip">
+				<span className="suggestion-error-text">
+					This page is only available in the SurfSense desktop app.
+				</span>
+			</div>
+		);
+	}
+
 	if (error) {
 		return (
 			<div className="suggestion-tooltip suggestion-error">

surfsense_web/app/desktop/suggestion/suggestion.css

@@ -1,4 +1,5 @@
-html, body {
+html:has(.suggestion-body),
+body:has(.suggestion-body) {
   margin: 0 !important;
   padding: 0 !important;
   background: transparent !important;