Strip token query parameter from SW navigation requests#526
Merged
Conversation
The published service worker's onFetch handler forwarded the raw navigation request (including '?token=...') to cache.match and to the network fallback. When that fallback failed, the promise returned to respondWith() rejected and Chrome surfaced: The FetchEvent for "https://recollections.app/?token=demo" resulted in a network error response: the promise was rejected. Strip the 'token' query parameter from navigation requests before the cache/network fetch. The SPA still reads window.location.search after boot, so the token remains available for the API auth exchange. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses a production service worker fetch error triggered when users open the app with a token-bearing navigation URL (e.g., /?token=...). It updates the published service worker to sanitize navigation requests by removing the token query parameter before cache lookup and network fallback, reducing the likelihood of respondWith() surfacing rejected fetch promises to end users.
Changes:
- Added
stripTokenFromNavigation()to remove thetokenquery parameter from navigation requests. - Updated
onFetchto use the sanitized request for cache matching and network fallback.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Production reported a recurring service worker error when users land on the app via a token-bearing URL:
Why
onFetchinservice-worker.published.jsforwarded the raw navigation request (including?token=...) both tocache.matchand to thefetch()network fallback. When the cache miss happened and the network fetch then failed for any reason, the promise returned torespondWith()rejected, surfacing the error above to users.What changed
Added
stripTokenFromNavigation(), called fromonFetchformode === 'navigate'requests. It rebuilds theRequestwithout thetokenquery parameter before the cache lookup and the network fallback. Non-navigation requests are passed through untouched.The SPA still reads
window.location.searchafter boot (UserState.OnInitializedAsync), so the token remains available for theLoginWithTokenAsyncAPI exchange. Only the SW-side fetch sees the cleaned URL.Notes
service-worker.jsdoes not callrespondWith()on regular fetches.