fix(frontend): disable prerender crawl so protected routes aren't baked to login-bounces (#514) #515
@@ -59,6 +59,29 @@ jobs:
|
|||||||
run: npm run build
|
run: npm run build
|
||||||
working-directory: frontend
|
working-directory: frontend
|
||||||
|
|
||||||
|
# ── Prerender output is exactly the public help page ───────────────────
|
||||||
|
# SvelteKit prerender + crawl follows nav links and bakes "redirect to
|
||||||
|
# /login" HTML for every protected route, served BEFORE runtime hooks
|
||||||
|
# (see #514). With `crawl: false` only the explicit entry should land
|
||||||
|
# in build/prerendered/. Anything else is a regression — fail the build.
|
||||||
|
- name: Assert prerender output is only /hilfe/transkription
|
||||||
|
run: |
|
||||||
|
cd frontend
|
||||||
|
set -e
|
||||||
|
extra=$(find build/prerendered -type f \
|
||||||
|
-not -path 'build/prerendered/hilfe/*' \
|
||||||
|
-not -name '*.br' -not -name '*.gz' \
|
||||||
|
|| true)
|
||||||
|
if [ -n "$extra" ]; then
|
||||||
|
echo "FAIL: unexpected prerendered files (would shadow runtime hooks):"
|
||||||
|
echo "$extra"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
# And the help page must still be there.
|
||||||
|
test -f build/prerendered/hilfe/transkription.html \
|
||||||
|
|| { echo "FAIL: /hilfe/transkription.html missing from prerender output"; exit 1; }
|
||||||
|
echo "PASS: only /hilfe/transkription.html prerendered."
|
||||||
|
|
||||||
- name: Upload screenshots
|
- name: Upload screenshots
|
||||||
if: always()
|
if: always()
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@v4
|
||||||
|
|||||||
@@ -8,7 +8,17 @@ const config = {
|
|||||||
preprocess: vitePreprocess(),
|
preprocess: vitePreprocess(),
|
||||||
kit: {
|
kit: {
|
||||||
adapter: adapter(),
|
adapter: adapter(),
|
||||||
prerender: { entries: ['/hilfe/transkription'] }
|
prerender: {
|
||||||
|
entries: ['/hilfe/transkription'],
|
||||||
|
// Disable crawl: by default SvelteKit follows nav links from
|
||||||
|
// prerendered pages and prerenders the targets too. The targets
|
||||||
|
// (/, /documents, /persons, …) throw redirect('/login') during
|
||||||
|
// the build (no auth cookie), so SvelteKit bakes a
|
||||||
|
// `<script>location.href='/login'</script>` HTML page and serves
|
||||||
|
// it before the runtime hooks ever run. Result: authenticated
|
||||||
|
// users with a valid cookie still get bounced. See #514.
|
||||||
|
crawl: false
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user