fix(pos): fix proxy Content-Type forwarding and SW auth caching

Proxy was using resp.raw.headers (urllib3) which could miss Content-Type; switched to resp.headers. SW now skips /pos/api/auth/ to prevent stale token caching, scopes fetch to /pos/ only, and bumps cache to v2. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 02:13:36 +00:00
parent 8539720645
commit 29174c9108
2 changed files with 29 additions and 7 deletions
--- a/dashboard/server.py
+++ b/dashboard/server.py
@@ -185,25 +185,31 @@ def index():

 # ── POS Proxy — forward /pos/* to POS server on port 5001 ──
@app.route('/pos/', defaults={'path': ''})
-@app.route('/pos/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE'])
+@app.route('/pos/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
 def pos_proxy(path):
    import requests as req
    target = f'http://127.0.0.1:5001/pos/{path}'
    # Forward the request
    try:
-        headers = {k: v for k, v in request.headers if k.lower() not in ('host', 'content-length')}
+        # Forward all headers except hop-by-hop ones
+        excluded_req = {'host', 'content-length'}
+        headers = {k: v for k, v in request.headers if k.lower() not in excluded_req}
        resp = req.request(
            method=request.method,
            url=target,
            headers=headers,
            params=request.args,
            data=request.get_data(),
-            timeout=30
+            timeout=30,
+            allow_redirects=False
        )
-        # Build response
+        # Build response — use resp.headers (not resp.raw.headers) for correct Content-Type
        from flask import Response
-        excluded = {'content-encoding', 'transfer-encoding', 'connection'}
-        resp_headers = [(k, v) for k, v in resp.raw.headers.items() if k.lower() not in excluded]
+        excluded_resp = {'content-encoding', 'transfer-encoding', 'connection',
+                         'keep-alive', 'proxy-authenticate', 'proxy-authorization',
+                         'te', 'trailers', 'upgrade'}
+        resp_headers = [(k, v) for k, v in resp.headers.items()
+                        if k.lower() not in excluded_resp]
        return Response(resp.content, status=resp.status_code, headers=resp_headers)
    except Exception as e:
        return jsonify({'error': f'POS server unavailable: {str(e)}'}), 502
--- a/pos/static/pwa/sw.js
+++ b/pos/static/pwa/sw.js
@@ -1,7 +1,7 @@
 // /home/Autopartes/pos/static/pwa/sw.js
 // Nexus POS — Service Worker v1

-const CACHE_NAME = 'nexus-pos-v1';
+const CACHE_NAME = 'nexus-pos-v2';

 const APP_SHELL = [
  '/pos/login',
@@ -64,6 +64,22 @@ self.addEventListener('activate', function (event) {
 self.addEventListener('fetch', function (event) {
  var url = new URL(event.request.url);

+  // Only handle requests within /pos/ scope
+  if (url.pathname.indexOf('/pos/') === -1) {
+    return;
+  }
+
+  // Never cache auth endpoints — tokens must always come from the server
+  if (url.pathname.indexOf('/pos/api/auth/') !== -1) {
+    return;
+  }
+
+  // Don't cache login page — always fetch fresh to avoid stale redirects
+  if (url.pathname === '/pos/login' || url.pathname === '/pos/login/') {
+    event.respondWith(networkFirst(event.request));
+    return;
+  }
+
  // API calls → network-first
  if (url.pathname.indexOf('/pos/api/') !== -1) {
    event.respondWith(networkFirst(event.request));