From 29e059a952a80e7606b85ebed961912cb0835bda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrik=20A=CC=8Akerfeldt?= Date: Tue, 17 Mar 2026 13:14:48 +0100 Subject: [PATCH] fix: let browser handle navigation requests to support auth proxies When the dashboard sits behind an authentication proxy (Cloudflare Access, OAuth2 Proxy, Authelia, etc.), the service worker must not intercept navigation requests. Otherwise it serves a cached index.html, preventing the browser from following HTTP redirects to the login page when the auth session expires. Remove the NavigationRoute + createHandlerBoundToURL registration and disable precacheAndRoute's directoryIndex and cleanURLs options so it cannot implicitly serve index.html for navigation requests. Static assets (JS, CSS, fonts, images) are still served from the precache via exact URL match, so page loads remain fast. --- ui/src/sw.js | 43 ++++++++++++++++--------------------------- 1 file changed, 16 insertions(+), 27 deletions(-) diff --git a/ui/src/sw.js b/ui/src/sw.js index 2096874cd..3d93def5d 100644 --- a/ui/src/sw.js +++ b/ui/src/sw.js @@ -1,37 +1,26 @@ /// import { clientsClaim } from 'workbox-core' -import { cleanupOutdatedCaches, createHandlerBoundToURL, precacheAndRoute } from 'workbox-precaching' -import { NavigationRoute, registerRoute } from 'workbox-routing' +import { cleanupOutdatedCaches, precacheAndRoute } from 'workbox-precaching' -// self.__WB_MANIFEST is the default injection point -precacheAndRoute(self.__WB_MANIFEST) +// Navigation requests (request.mode === 'navigate') are intentionally NOT +// handled by the Service Worker. This lets the browser perform normal network +// navigation, which is critical when the dashboard sits behind an +// authentication proxy (Cloudflare Access, OAuth2 Proxy, Authelia, etc.). +// Without this, the SW would serve a cached index.html, preventing the browser +// from following HTTP redirects to the login page when the auth session expires. +// +// directoryIndex and cleanURLs are disabled so that precacheAndRoute does not +// implicitly serve index.html for navigation requests to '/dashboard/'. +// Static assets (JS, CSS, fonts, images) are still served from the precache +// via exact URL match, so page loads remain fast. +precacheAndRoute(self.__WB_MANIFEST, { + directoryIndex: null, + cleanURLs: false +}) // clean old assets cleanupOutdatedCaches() -/** @type {RegExp[] | undefined} */ -const denylist = [] - -// in dev mode, do not precache anything -if (import.meta.env.DEV) { - // don't precache anything - console.log('Development mode, not pre-caching anything') - denylist.push(/.*/) -} else { - // don't precache anything where the urls pathname ends with a slash (including times when the url has a query string) - // this permits the request to be handled by the server which will do a redirect as required - const configPath = self.location.pathname.split('/')[1] - denylist.push(new RegExp(`/${configPath}/[^?]*/(\\?.*)*$`)) -} - -// to allow work offline for allowed routes only -registerRoute(new NavigationRoute( - createHandlerBoundToURL('index.html'), - { denylist } -)) - self.skipWaiting() // https://developer.mozilla.org/en-US/docs/Web/API/Clients/claim clientsClaim() - -// Add custom service worker code here