Service worker prevents auth redirect when dashboard is behind an authentication proxy #2068
Description
Current Behavior
When the dashboard is deployed behind an authentication proxy (e.g., Cloudflare Access), expired auth sessions result in "There was an error loading the Dashboard" instead of redirecting the user to the login page.
The service worker registers a NavigationRoute with createHandlerBoundToURL('index.html'), which intercepts all navigation requests (request.mode === 'navigate') and serves a cached index.html. This prevents the browser from ever reaching the authentication proxy's HTTP redirect (typically a 302) to the login page.
Steps to Reproduce
- Deploy Node-RED with @flowfuse/node-red-dashboard behind an authentication proxy (e.g., Cloudflare Access)
- Open the dashboard and let the service worker install
- Wait for the auth session to expire
- Refresh the page
- Expected: Browser follows the proxy's redirect to the login page
- Actual: Service worker serves cached index.html, which fails to load because API requests are unauthorized, and user sees "There was an error loading the Dashboard"
This effectively breaks the dashboard for any deployment behind an authentication proxy once the session expires. The only workaround is uninstall the PWA and install it again.
See also discourse conversation.
Environment
- @flowfuse/node-red-dashboard latest (main branch)
- Tested with Cloudflare Access (Zero Trust) with Google IdP
- Reproducible across Safari (macOS/iOS)
Expected Behavior
When the auth session expires, refreshing the dashboard should redirect the user to the authentication provider's login page. After re-authenticating, the user should be returned to the dashboard without needing to manually clear browser state or unregister the service worker.
Have you provided an initial effort estimate for this issue?
No, but see #2069 for a suggested solution.