From 305348f0aca6e6944943ec807675f7af4b02ab72 Mon Sep 17 00:00:00 2001
From: Asher <ash@coder.com>
Date: Tue, 27 Oct 2020 17:26:22 -0500
Subject: [PATCH] Improve proxy fallthrough logic

- Use accept header.
- Match /login and /login/ exactly.
- Match /static/ (trailing slash).
- Use req.path. Same result but feels more accurate to me.
---
 src/node/proxy.ts | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/node/proxy.ts b/src/node/proxy.ts
index d6dd795d..4c861d0f 100644
--- a/src/node/proxy.ts
+++ b/src/node/proxy.ts
@@ -50,15 +50,18 @@ const maybeProxy = (req: Request): string | undefined => {
  * through to allow the redirect and login flow.
  */
 const shouldFallThrough = (req: Request): boolean => {
-  // The ideal would be to have a reliable way to detect if this is a request
-  // for (or originating from) our root or login HTML. But requests for HTML
-  // don't seem to set any content type.
-  return (
-    req.headers["content-type"] !== "application/json" &&
-    ((req.originalUrl.startsWith("/") && req.method === "GET") ||
-      (req.originalUrl.startsWith("/static") && req.method === "GET") ||
-      (req.originalUrl.startsWith("/login") && (req.method === "GET" || req.method === "POST")))
-  )
+  // See if it looks like a request for the root or login HTML.
+  if (req.accepts("text/html")) {
+    if (
+      (req.path === "/" && req.method === "GET") ||
+      (/\/login\/?/.test(req.path) && (req.method === "GET" || req.method === "POST"))
+    ) {
+      return true
+    }
+  }
+
+  // See if it looks like a request for a static asset.
+  return req.path.startsWith("/static/") && req.method === "GET"
 }
 
 router.all("*", (req, res, next) => {