Skip to content

fix: preview proxy ERR_BLOCKED_BY_CLIENT + network-context logging#13

Merged
davidnuescheler merged 4 commits into
mainfrom
fix/preview-proxy-referer
Jul 8, 2026
Merged

fix: preview proxy ERR_BLOCKED_BY_CLIENT + network-context logging#13
davidnuescheler merged 4 commits into
mainfrom
fix/preview-proxy-referer

Conversation

@davidnuescheler

Copy link
Copy Markdown
Contributor

Problem

With the proxy-aware fetch from #11, the preview view broke — every subresource fails:

(preview) › proxy failed for https://main--wheelercat--aemsites.aem.page/styles/styles.css:
Network request failed: GET .../styles/styles.css — net::ERR_BLOCKED_BY_CLIENT
[online; proxy: DIRECT; app 1.6.2, electron 42.3.3]

Root cause (verified empirically)

The preview proxy forwards the webview's request headers upstream, including Referer: http://127.0.0.1:<port>/…. Chromium's network stack (net.fetch) kills any request whose Referer doesn't match the destination with net::ERR_BLOCKED_BY_CLIENT. Node's fetch passed the header through silently, which is why this only surfaced after #11. It explains the exact symptom: the page itself loads (no Referer on navigation), every subresource dies (they all carry one).

Probe against the real endpoint with the project's Electron:

headers result
none HTTP 200
Referer: http://127.0.0.1:3000/… net::ERR_BLOCKED_BY_CLIENT
Sec-Fetch-* only HTTP 200
same-origin Referer HTTP 200

Changes

  • Strip Referer in the preview proxy's forwarded request headers (same treatment as the localhost Origin, which EDS already rejected with 403). Also stops leaking the local proxy origin upstream.
  • Network-context logging (the follow-up to fix: use Chromium network stack for API requests and explain fetch failures #11 that didn't make it into that branch): failed requests now gather connectivity state, the proxy Chromium resolved for the failing URL, and app/electron versions — logged under the net scope and appended to the on-screen error, so a user's screenshot alone distinguishes DNS, proxy, VPN, and TLS problems. It's what made this bug diagnosable from the log line above.

Testing

  • New test: preview server never forwards the incoming Referer (mirrors the existing Origin-strip test)
  • New tests: network context appears in the failure message; pre-enriched errors aren't double-wrapped
  • npm run lint and npm test green (206 tests)

🤖 Generated with Claude Code

davidnuescheler and others added 4 commits July 7, 2026 08:19
…ures

Failed API and preview requests now gather Chromium's view of the
network — online state, the proxy resolved for the failing URL, and
app/electron versions — log it under the "net" scope, and append it to
the on-screen error, so a user's screenshot or log file alone
distinguishes DNS, proxy, VPN, and TLS problems.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Since the preview proxy fetches upstream via Chromium's network stack,
forwarding the webview's localhost Referer makes Chromium kill every
subresource request (styles, scripts, images) with
net::ERR_BLOCKED_BY_CLIENT, because the Referer doesn't match the
.aem.page destination. Node's fetch passed it through silently, which is
why this only surfaced after the proxy-aware fetch change. Strip the
header like the localhost Origin already is; it also stops leaking the
local proxy origin upstream.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Blank previews were undiagnosable: request starts, the 503 no-active-site
path, upstream status/content-type/timing, auth-probe failures, and
mid-stream body errors were all silent. Each request now logs one start
line and one completion line (status, content type, site-token presence,
duration), every early-exit path says why, and upstream body stream
failures destroy the response instead of stalling it silently.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Forwarding the webview's Sec-Fetch-Mode: cors upstream makes Chromium's
net.fetch reject the request instantly with net::ERR_INVALID_ARGUMENT —
module scripts broke while no-cors stylesheets survived. Fetch metadata
describes the webview's request context, not the proxy's; Chromium sets
its own sec-fetch-* on the upstream request, so never forward them.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@davidnuescheler davidnuescheler merged commit d64378e into main Jul 8, 2026
4 checks passed
@trieloff

trieloff commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 1.6.4 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants