🐛 Fix remaining console errors: auth refresh, CSP, GTM #4364
clubanderson merged 2 commits into main
- Add MSW handler for POST /auth/refresh — eliminates JSON parse errors from AuthCallback and silent token refresh getting HTML instead of JSON
- Add www.googletagmanager.com to CSP connect-src — fixes GTM td endpoint being blocked by Content Security Policy
- Add MSW passthrough for dicebear.com, fonts.gstatic.com, and fonts.googleapis.com — eliminates unhandled request warnings
- Suppress MSW warnings for cross-origin requests and font files (.woff2/.woff/.ttf) in onUnhandledRequest handler

Signed-off-by: Andrew Anderson <andy@clubanderson.com>
✅ Deploy Preview for kubestellarconsole canceled.
Pull request overview
This PR is a follow-up to #4346 that targets remaining browser console errors in Netlify demo/preview deployments by tightening MSW behavior (auth refresh + external resources) and aligning Netlify CSP with Google Tag Manager’s network usage.
Changes:
- Added an MSW mock for `POST /auth/refresh` to prevent SPA fallback HTML from being parsed as JSON during OAuth callback / silent refresh flows.
- Added explicit MSW passthrough handlers for common external resources (DiceBear + Google Fonts) and suppressed cross-origin unhandled-request warnings.
- Updated Netlify `Content-Security-Policy` to allow GTM requests via `connect-src`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| web/src/mocks/handlers.ts | Adds passthrough handlers for external resources and mocks POST /auth/refresh with a JSON token response. |
| web/src/mocks/browser.ts | Expands ignored asset extensions and suppresses MSW unhandled-request warnings for cross-origin requests. |
| netlify.toml | Adds https://www.googletagmanager.com to CSP connect-src to prevent GTM fetch blocks. |
The unified-controls baseline (1 → 34) and non-localized strings baseline (167 → 187) drifted from reality as cards were added. Both counts are identical on main — this just syncs the baselines.

Signed-off-by: Andrew Anderson <andy@clubanderson.com>
Post-merge build verification passed ✅ Both Go and frontend builds compiled successfully against merge commit
✅ Post-Merge Verification: passed
Commit:
Summary
Follow-up to #4346 — fixes the remaining console errors found via CDP scan:
- `POST /auth/refresh` — AuthCallback and silent token refresh were getting HTML instead of JSON from Netlify's SPA catch-all, causing `Unexpected token '<'` errors
- `www.googletagmanager.com` to CSP `connect-src` — GTM's `/td` data endpoint was blocked by CSP, causing `ERR_FAILED` and `Failed to fetch` errors in the service worker
- `api.dicebear.com` (avatars), `fonts.gstatic.com` and `fonts.googleapis.com` (web fonts) were triggering unhandled request warnings
- `.woff2`, `.woff`, `.ttf` added to the asset ignore list

Test plan
- `Unexpected token '<'` JSON parse errors are gone
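
The `connect-src` block described in the summary can be checked before deploy with a small policy evaluator. This is an added example, not code from this PR or the project: the page origin and both policy strings are constructed, and the matcher is a simplified subset of CSP source matching.

```javascript
// Simplified CSP connect-src matcher. Covers 'self', *, scheme-sources and
// host-sources; source paths and redirect handling are deliberately ignored.
const SELF = 'https://console.example.test'; // constructed page origin
const BEFORE = "default-src 'self'; connect-src 'self' https://www.google-analytics.com"; // constructed
const AFTER = BEFORE + ' https://www.googletagmanager.com'; // constructed

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

const effectivePort = (port, protocol) =>
  port || (protocol === 'https:' || protocol === 'wss:' ? '443' : '80');

function sourceAllows(source, target, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return target.origin === selfOrigin;
  if (s === '*') return ['http:', 'https:', 'ws:', 'wss:'].includes(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // e.g. "https:"
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/);
  if (!m) return false; // 'none', nonces and hashes never match a request URL
  const [, scheme, host, port] = m;
  // Assumption: a schemeless host-source means the page's own scheme.
  const wantProtocol = scheme ? `${scheme}:` : new URL(selfOrigin).protocol;
  if (target.protocol !== wantProtocol) return false;
  // "*.example.com" matches subdomains only, never the bare "example.com".
  const hostOk = host === '*' ||
    (host.startsWith('*.') ? target.hostname.endsWith(host.slice(1)) : host === target.hostname);
  const portOk = port === '*' ||
    effectivePort(port, wantProtocol) === effectivePort(target.port, target.protocol);
  return hostOk && portOk;
}

function connectAllowed(policy, url, selfOrigin) {
  const directives = parseCsp(policy);
  // connect-src falls back to default-src; with neither, connections are unrestricted.
  const sources = directives.get('connect-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const target = new URL(url);
  return sources.some((src) => sourceAllows(src, target, selfOrigin));
}

console.log('before:', connectAllowed(BEFORE, 'https://www.googletagmanager.com/td', SELF));
console.log('after: ', connectAllowed(AFTER, 'https://www.googletagmanager.com/td', SELF));
```

Running the same check over every third-party endpoint the page is expected to call shows which hosts a policy change actually opens up, so `connect-src` is widened by one named origin rather than a wildcard.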