fix(pos): fix proxy Content-Type forwarding and SW auth caching

Proxy was using resp.raw.headers (urllib3) which could miss Content-Type;
switched to resp.headers. SW now skips /pos/api/auth/ to prevent stale
token caching, scopes fetch to /pos/ only, and bumps cache to v2.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

pos/static/pwa/sw.js

@@ -1,7 +1,7 @@
 // /home/Autopartes/pos/static/pwa/sw.js
 // Nexus POS — Service Worker v1
 
-const CACHE_NAME = 'nexus-pos-v1';
+const CACHE_NAME = 'nexus-pos-v2';
 
 const APP_SHELL = [
   '/pos/login',
@@ -64,6 +64,22 @@ self.addEventListener('activate', function (event) {
 self.addEventListener('fetch', function (event) {
   var url = new URL(event.request.url);
 
+  // Only handle requests within /pos/ scope
+  if (url.pathname.indexOf('/pos/') === -1) {
+    return;
+  }
+
+  // Never cache auth endpoints — tokens must always come from the server
+  if (url.pathname.indexOf('/pos/api/auth/') !== -1) {
+    return;
+  }
+
+  // Don't cache login page — always fetch fresh to avoid stale redirects
+  if (url.pathname === '/pos/login' || url.pathname === '/pos/login/') {
+    event.respondWith(networkFirst(event.request));
+    return;
+  }
+
   // API calls → network-first
   if (url.pathname.indexOf('/pos/api/') !== -1) {
     event.respondWith(networkFirst(event.request));