From bed58a09c064fb7ac9497b18d897f08bf82bebf0 Mon Sep 17 00:00:00 2001 From: Comfy Org PR Bot Date: Sat, 25 Oct 2025 10:42:42 +0900 Subject: [PATCH] [backport rh-test] [bugfix] fix auth service worker to handle cross-origin redirects to GCS (#6268) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Backport of #6265 to `rh-test` Automatically created by backport workflow. ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-6268-backport-rh-test-bugfix-fix-auth-service-worker-to-handle-cross-origin-redirects-to-G-2976d73d365081aba256c59948d0bf39) by [Unito](https://www.unito.io) Co-authored-by: Christian Byrne --- public/auth-sw.js | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/public/auth-sw.js b/public/auth-sw.js index 60a11eff1..a8929a77f 100644 --- a/public/auth-sw.js +++ b/public/auth-sw.js @@ -54,18 +54,36 @@ self.addEventListener('fetch', (event) => { headers.set(key, value) } - return fetch( + // Fetch with manual redirect to handle cross-origin redirects (e.g., GCS signed URLs) + const response = await fetch( new Request(event.request.url, { method: event.request.method, headers: headers, - mode: 'same-origin', credentials: event.request.credentials, cache: 'no-store', - redirect: event.request.redirect, + redirect: 'manual', referrer: event.request.referrer, integrity: event.request.integrity }) ) + + // If redirected to external storage (GCS), follow without auth headers + // The signed URL contains its own authentication in query params + if ( + response.type === 'opaqueredirect' || + response.status === 302 || + response.status === 301 + ) { + const location = response.headers.get('location') + if (location) { + return fetch(location, { + method: 'GET', + redirect: 'follow' + }) + } + } + + return response } catch (error) { console.error('[Auth SW] Request failed:', error) return fetch(event.request)