diff --git a/server/server.go b/server/server.go index 4ae85ebb..e684992b 100644 --- a/server/server.go +++ b/server/server.go @@ -77,6 +77,8 @@ var ( authPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`) publishPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}/(publish|send|trigger)$`) + // Note: new paths that should be viewable directly in the browser should be added to web/public/sw.js's navigation fallback denyList as well + webConfigPath = "/config.js" webManifestPath = "/manifest.webmanifest" webRootHTMLPath = "/app.html" diff --git a/web/public/sw.js b/web/public/sw.js index 3d10db2d..4585b38f 100644 --- a/web/public/sw.js +++ b/web/public/sw.js @@ -245,10 +245,11 @@ if (!import.meta.env.DEV) { // this is so we don't respond to `/` UNLESS it's the app root itself, defined above /^\/.+$/, ], - // only /docs is required so it is navigable in the browser. - // the rest are nice-to-haves so the single-page-app doesn't try to handle them, but `fetch` - // and browser requests would work anyway. - denylist: [/^\/(docs|static|file).*$/, /^\/(app.html|manifest.webmanifest|sw.js|config.js)$/], + // only /docs, /file and /v1 are required so they are navigable in the browser (files for clicking on attachments, + // v1 for the redirect from Stripe). The rest are nice-to-haves so the single-page-app doesn't try to handle them, + // but `fetch` and browser requests would work anyway – they are mainly there so inspecting them is easier than + // calling the URLs via curl. + denylist: [/^\/(docs|file|v1|metrics|static|_matrix).*$/, /^\/(app.html|manifest.webmanifest|sw.js|config.js)$/], }) );