Bug: 401 console error on protected routes before auth redirect #153

New issue

Closed

opened 2026-03-28 21:26:12 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented 2026-03-28 21:26:12 +00:00

Owner

Copy link

Type

Bug

Lineage

Discovered during spike #150 — parent login flow validation.

Repo

forgejo_admin/westside-landing

What Broke

Navigating directly to a protected route (e.g. /my-players) while unauthenticated causes the page component's onMount to fire an API call before the layout's auth guard redirects to /signin. Results in a 401 console error. Not a security issue — API correctly rejects — but noisy.

Repro Steps

1. Open browser dev tools console
2. Navigate to https://westsidekingsandqueens.tail5b443a.ts.net/my-players while not logged in
3. Observe: redirected to /signin (correct) but console shows 401 for /account/players

Expected Behavior

No API calls fire before auth guard determines user is unauthenticated.

Environment

• Cluster/namespace: prod

Acceptance Criteria

• No 401 console errors when hitting protected routes unauthenticated
• Auth guard check happens before component API calls
• Redirect to /signin still works

Related

• project-westside-basketball
• forgejo_admin/westside-landing #150

### Type Bug ### Lineage Discovered during spike #150 — parent login flow validation. ### Repo `forgejo_admin/westside-landing` ### What Broke Navigating directly to a protected route (e.g. `/my-players`) while unauthenticated causes the page component's `onMount` to fire an API call before the layout's auth guard redirects to `/signin`. Results in a 401 console error. Not a security issue — API correctly rejects — but noisy. ### Repro Steps 1. Open browser dev tools console 2. Navigate to `https://westsidekingsandqueens.tail5b443a.ts.net/my-players` while not logged in 3. Observe: redirected to `/signin` (correct) but console shows 401 for `/account/players` ### Expected Behavior No API calls fire before auth guard determines user is unauthenticated. ### Environment - Cluster/namespace: prod ### Acceptance Criteria - [ ] No 401 console errors when hitting protected routes unauthenticated - [ ] Auth guard check happens before component API calls - [ ] Redirect to `/signin` still works ### Related - `project-westside-basketball` - `forgejo_admin/westside-landing #150`

forgejo_admin referenced this issue from a commit 2026-03-28 22:47:48 +00:00

fix: guard apiFetch with Keycloak ready + auth check

forgejo_admin referenced this issue from a pull request that will close it, 2026-03-28 22:48:13 +00:00

fix: guard apiFetch with Keycloak ready + auth check #162

forgejo_admin closed this issue 2026-03-28 22:51:18 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

142-validate-coach-login-and-read-only-roste

139-fix-admin-dashboard-stats-showing-all-ze

129-validate-girls-draft-board-coach-login-a

204-auto-tag-update

deploy-update-image-tag

110-fix-harbor-push-target

No results found.

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

No labels

domain:backend

domain:devops

domain:frontend

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/westside-landing#153

No description provided.