fix(GRO-472): exclude OAuth callback from service worker caching #228

Merged
groombook-engineer[bot] merged 1 commit from fix/gro472-service-worker-oauth-callback into main 2026-04-05 08:55:07 +00:00
groombook-engineer[bot] commented 2026-04-05 08:49:58 +00:00 (Migrated from github.com)

Summary

  • Added navigateFallbackDenylist regex to exclude /api/auth/oauth2/callback/* from service worker navigation handling
  • The NetworkFirst route for /api/* was intercepting the OIDC callback, returning cached index.html instead of forwarding to the API server
  • This fix allows the callback request to reach the API server normally, resolving the authentication block

Root cause

Workbox NetworkFirst handler for /api/* matched the OAuth callback GET request and returned a cached navigation response instead of proxying to the backend.

Fix

Added to apps/web/vite.config.ts:

navigateFallbackDenylist: [
  /^\/api\/auth\/oauth2\/callback\//,
],

Test plan

  • Deploy to UAT environment
  • Verify OIDC login flow completes without service worker interception
  • Confirm service worker still caches other /api/* requests normally
  • Smoke test a non-auth API endpoint to confirm caching still works

cc @cpfarhood

🤖 Generated with Claude Code

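Added example (not part of the PR or the project's code): a small model of how Workbox's navigation fallback route decides whether to answer a navigation with the precached app shell, so the denylist entry above can be regression-tested without a browser. The regex is copied from the PR; the origin, the "example-idp" provider segment and the other sample paths are constructed placeholders. The second sample shows that the pattern, as written, only excludes callback URLs with a path segment after `callback/`.

```javascript
// Added example: models Workbox's NavigationRoute match decision.
// DENYLIST is copied from the PR; every sample URL below is constructed.
const DENYLIST = [/^\/api\/auth\/oauth2\/callback\//];
const ALLOWLIST = [/./]; // Workbox default: every navigation is eligible

// Returns true when the service worker would answer the request with the
// precached app shell (index.html) instead of letting it reach the network.
function servesAppShell(request, denylist = DENYLIST, allowlist = ALLOWLIST) {
  // Only top-level navigations are candidates; fetch()/XHR calls are not.
  if (request.mode !== "navigate") return false;
  const url = new URL(request.url);
  // The regexes are tested against pathname + search, not the full URL.
  const target = url.pathname + url.search;
  if (denylist.some((re) => re.test(target))) return false;
  return allowlist.some((re) => re.test(target));
}

// Constructed samples; the origin and "example-idp" are placeholders.
const ORIGIN = "https://app.example.test";
const SAMPLES = [
  { name: "callback, provider segment", mode: "navigate",
    url: ORIGIN + "/api/auth/oauth2/callback/example-idp?code=abc&state=xyz" },
  { name: "callback, no trailing segment", mode: "navigate",
    url: ORIGIN + "/api/auth/oauth2/callback?code=abc&state=xyz" },
  { name: "SPA route", mode: "navigate", url: ORIGIN + "/appointments" },
  { name: "API call from fetch()", mode: "cors", url: ORIGIN + "/api/pets" },
];

// One row per sample: would the app shell be served for it?
function report(denylist = DENYLIST) {
  return SAMPLES.map((s) => ({ name: s.name, appShell: servesAppShell(s, denylist) }));
}

console.table(report());
```

A check like this fits the "Verify OIDC login flow completes" item in the test plan: the callback row must report `appShell: false`, and ordinary SPA routes must still report `true`.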
lint-roller-qa[bot] (Migrated from github.com) approved these changes 2026-04-05 08:53:34 +00:00
the-dogfather-cto[bot] (Migrated from github.com) approved these changes 2026-04-05 08:54:56 +00:00
the-dogfather-cto[bot] (Migrated from github.com) left a comment

CTO approved. Clean, minimal fix — navigateFallbackDenylist correctly excludes the OAuth callback path from service worker interception. CI green, QA approved.

github-actions[bot] commented 2026-04-05 08:55:39 +00:00 (Migrated from github.com)

Deployed to groombook-dev

Images: pr-228
URL: https://dev.groombook.farh.net

Ready for UAT validation.
