[backport rh-test] [bugfix] add mode: no-cors to fix CORS error when following GCS redirects (#6278)

Backport of #6277 to `rh-test` Automatically created by backport workflow. Co-authored-by: Christian Byrne <cbyrne@comfy.org>
2026-02-02 22:37:32 +00:00 · 2025-10-25 15:12:18 +09:00
parent 71e851acfa
commit 3954ac8584
1 changed files with 8 additions and 7 deletions
--- a/public/auth-sw.js
+++ b/public/auth-sw.js
@@ -70,16 +70,17 @@ self.addEventListener('fetch', (event) => {
        // Handle redirects to external storage (e.g., GCS signed URLs)
        if (response.type === 'opaqueredirect') {
          // Opaqueredirect: redirect occurred but response is opaque (headers not accessible)
-          // Re-fetch the original /api/view URL with redirect: 'follow'
-          // Browser will:
-          // 1. Send auth headers to /api/view (same-origin)
-          // 2. Receive 302 redirect to GCS
-          // 3. Automatically strip auth headers when following cross-origin redirect
-          // 4. Use GCS signed URL authentication instead
+          // Re-fetch the original /api/view URL with redirect: 'follow' and mode: 'no-cors'
+          // - mode: 'no-cors' allows cross-origin fetches without CORS headers (GCS doesn't have CORS)
+          // - Returns opaque response, which works fine for images/videos/audio
+          // - Browser will send auth headers to /api/view (same-origin)
+          // - Browser will receive 302 redirect to GCS
+          // - Browser will follow redirect using GCS signed URL authentication
          return fetch(event.request.url, {
            method: 'GET',
            headers: headers,
-            redirect: 'follow'
+            redirect: 'follow',
+            mode: 'no-cors'
          })
        }