From 9357d959ceaa11d92d2c500cc27d68302f658169 Mon Sep 17 00:00:00 2001 From: Wayland Date: Sun, 14 Jun 2026 22:09:36 +0200 Subject: [PATCH] fix(ui): harden service worker + manifest crossorigin behind auth proxy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Behind Cloudflare Access the console threw on every load: - A CORS error because /site.webmanifest was fetched without credentials and 302-redirected cross-origin to the Access login. - `TypeError: Failed to convert value to 'Response'` because the SW catch handler passed `caches.match(request)` (undefined on a miss) straight into `event.respondWith`. Changes: - SW now skips cross-origin requests and the auth-sensitive /site.webmanifest and /sw.js paths, letting the network/auth proxy own them untouched. - Never caches redirected / opaqueredirect responses (auth challenges). - Both catch branches await the cache lookup and fall back to a real Response (503 navigate, 504 otherwise) — respondWith never sees undefined. - Bump CACHE_NAME paperclip-v2 -> paperclip-v3 so the new worker replaces the cached old one. - index.html manifest link gains crossorigin="use-credentials". Co-Authored-By: Claude Opus 4.8 --- ui/index.html | 2 +- ui/public/sw.js | 33 +++++++++++++++++++++++++-------- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/ui/index.html b/ui/index.html index 6a5781e711d..8c2cbaa6f54 100644 --- a/ui/index.html +++ b/ui/index.html @@ -15,7 +15,7 @@ - +