2026-05-11 17:12:03 +02:00
2 changed files with 34 additions and 1 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -59,6 +59,29 @@ jobs:
        run: npm run build
        working-directory: frontend

+      # ── Prerender output is exactly the public help page ───────────────────
+      # SvelteKit prerender + crawl follows nav links and bakes "redirect to
+      # /login" HTML for every protected route, served BEFORE runtime hooks
+      # (see #514). With `crawl: false` only the explicit entry should land
+      # in build/prerendered/. Anything else is a regression — fail the build.
+      - name: Assert prerender output is only /hilfe/transkription
+        run: |
+          cd frontend
+          set -e
+          extra=$(find build/prerendered -type f \
+                  -not -path 'build/prerendered/hilfe/*' \
+                  -not -name '*.br' -not -name '*.gz' \
+                  || true)
+          if [ -n "$extra" ]; then
+            echo "FAIL: unexpected prerendered files (would shadow runtime hooks):"
+            echo "$extra"
+            exit 1
+          fi
+          # And the help page must still be there.
+          test -f build/prerendered/hilfe/transkription.html \
+            || { echo "FAIL: /hilfe/transkription.html missing from prerender output"; exit 1; }
+          echo "PASS: only /hilfe/transkription.html prerendered."
+
      - name: Upload screenshots
        if: always()
        uses: actions/upload-artifact@v4
--- a/frontend/svelte.config.js
+++ b/frontend/svelte.config.js
@@ -8,7 +8,17 @@ const config = {
 	preprocess: vitePreprocess(),
 	kit: {
 		adapter: adapter(),
-		prerender: { entries: ['/hilfe/transkription'] }
+		prerender: {
+			entries: ['/hilfe/transkription'],
+			// Disable crawl: by default SvelteKit follows nav links from
+			// prerendered pages and prerenders the targets too. The targets
+			// (/, /documents, /persons, …) throw redirect('/login') during
+			// the build (no auth cookie), so SvelteKit bakes a
+			// `<script>location.href='/login'</script>` HTML page and serves
+			// it before the runtime hooks ever run. Result: authenticated
+			// users with a valid cookie still get bounced. See #514.
+			crawl: false
+		}
 	}
 };