Add env var to let server disable the PWA

[kuon]

I use proxy auth for timetagger, this means that my /timetagger URL will be redirected to my oauth provider if I am not logged in.

But, the PWA breaks it, because after the first successful login, the browser will not hit the webserver and load the app from cache, then (when my oauth session is expired) API calls will fails with error like:

16:26:53.756 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://auth.xxxxxxxx.com/realms/master/protocol/openid-connect/auth?approval_prompt=force&client_id=oauth-proxy&redirect_uri=https%3A%2F%2Fauth.xxxx.com%2Foauth2%2Fcallback&response_type=code&scope=openid+profile+email+roles&state=zzxxxxxxxx%3Ahttps%3A%2F%2Ftime.xxxxxxxxxxxxxxxxx.com%2Ftimetagger%2Fapi%2Fv2%2Fupdates%3Fsince%3D1740842719.997325. (Reason: CORS request did not succeed). Status code: (null).

Because the webserver will try to redirect API calls to the auth page.

I have to manually go to /timetagger/login to trigger a redirection and login again.

[almarklein]

Do you have a proposal for a solution? Perhaps an env var for the server to not enable the pwa?

[kuon]

I tested different approach to keep the PWA, but there is no reliable way to detect that the proxy session has expired. The CORS fails and we have no idea why.

To make it work properly it would require a separate endpoint to get auth status, but that is very cumbersome.

I think your idea of allowing to disable the PWA is the most practical one, it solves the problem with nearly no drawback as the app itself it quite small.

Thus, adding an env var to disable PWA and require the browser to load the app normally is the best approach I think.