From 85003cd4372475b9cae973b74261a6ca3f61af0d Mon Sep 17 00:00:00 2001 From: Peter Stone Date: Mon, 16 Mar 2026 20:57:00 +0000 Subject: fix: serve sw.js from /api/push/sw.js to bypass Apache static file routing Apache fronts the Go service and only proxies /api/ paths; /sw.js hits Apache's filesystem and 404s. Serve the service worker from /api/push/sw.js with Service-Worker-Allowed: / so the browser allows it to control the full origin scope. Update SW registration URL. Co-Authored-By: Claude Sonnet 4.6 --- internal/api/push.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'internal/api/push.go') diff --git a/internal/api/push.go b/internal/api/push.go index 6fd805a..dde5441 100644 --- a/internal/api/push.go +++ b/internal/api/push.go @@ -6,6 +6,7 @@ import ( "github.com/google/uuid" "github.com/thepeterstone/claudomator/internal/storage" + webui "github.com/thepeterstone/claudomator/web" ) // pushSubscriptionStore is the minimal interface needed by push handlers. @@ -37,6 +38,20 @@ func (s *Server) handleGetVAPIDKey(w http.ResponseWriter, r *http.Request) { writeJSON(w, http.StatusOK, map[string]string{"public_key": s.vapidPublicKey}) } +// handleServiceWorker serves sw.js with a Service-Worker-Allowed: / header so +// the SW can control the full origin even though it is registered from /api/push/sw.js. +func (s *Server) handleServiceWorker(w http.ResponseWriter, r *http.Request) { + data, err := webui.Files.ReadFile("sw.js") + if err != nil { + http.Error(w, "service worker not found", http.StatusNotFound) + return + } + w.Header().Set("Content-Type", "application/javascript") + w.Header().Set("Service-Worker-Allowed", "/") + w.WriteHeader(http.StatusOK) + w.Write(data) +} + // handlePushSubscribe saves a new push subscription. func (s *Server) handlePushSubscribe(w http.ResponseWriter, r *http.Request) { var input struct { -- cgit v1.2.3