Fix setup not required screen display #57

Merged
JoshuaAFerguson merged 8 commits into main from claude/fix-setup-screen-015uaSk1YfRFL1KSSojovost
Nov 17, 2025

Conversation

@JoshuaAFerguson

Member

No description provided.

claude and others added 8 commits November 17, 2025 00:47
Enable API and WebSocket proxy in nginx.conf to forward requests
from the UI container to the backend API service. This fixes the
setup screen issue where API requests were returning the default
nginx page instead of being proxied to the backend.

Changes:
- Uncommented and configured /api/ location block
- Added /ws/ location block for WebSocket connections
- Added proper proxy headers for real IP forwarding
- Set appropriate timeouts for long-running requests

Fixes the "Setup not required" issue when accessing via port-forward.

Add debug logging to troubleshoot setup wizard status check.
This will help identify why the UI shows 'Setup not required' when
the admin user has no password set.

- Add automatic retry on API connection failure (5 attempts, 2s delay)
- Show retry status during connection attempts
- Display error message with refresh button if connection fails
- Add console logging for debugging setup status response
- Prevent showing 'Setup not required' when API is unreachable

This fixes the issue where the setup wizard shows 'Setup not required'
when the API takes time to start or is temporarily unavailable.

Exclude authentication endpoints from HTTP caching to prevent
stale data issues. The setup status endpoint was being cached for
5 minutes, causing the UI to show 'Setup not required' even when
setup was actually needed.

Changes:
- Add no-cache list for auth endpoints (/api/v1/auth/*)
- Add no-cache for user profile (/api/v1/users/me)
- Add no-cache for session endpoints (dynamic state)
- Set 'no-store, no-cache' headers for excluded paths

This fixes the browser caching issue with the setup wizard.

Nginx was compressing API responses and setting Content-Type to
application/x-gzip instead of application/json, causing browsers
to receive gzipped data without proper Content-Encoding headers.

Changes:
- Disable gzip for /api/ location (API responses are small)
- Disable gzip for /ws/ location (WebSocket connections)
- Prevents Content-Type corruption for proxied JSON responses

This fixes Firefox receiving 'application/x-gzip' instead of
'application/json', which caused the browser to not decompress
the response.

The gzip middleware was compressing auth endpoint responses without
properly setting Content-Encoding headers, causing browsers to receive
compressed data that wasn't automatically decompressed.

Changes:
- Exclude /api/v1/auth/ from gzip compression
- Keeps auth responses as plain JSON for proper browser handling
- Maintains gzip for other endpoints that benefit from compression

This fixes the setup wizard receiving binary gzipped data instead of
JSON, which caused 'Unexpected token' errors in the browser.

Add debug logging to troubleshoot form submission issues:
- Log request body contents
- Log Content-Type header
- Log binding errors with details
- Log parsed request fields

This will help identify why the setup form submission is failing
with 'Invalid request format' error.

The webhook middleware was reading the request body but then replacing
it with an empty reader, causing all subsequent handlers to receive
empty request bodies.

Changes:
- Fix body restoration to use bytes.NewBuffer(body)
- Remove incorrect io.MultiReader(io.Reader(nil)) pattern
- Add bytes import

This fixes the setup form submission failing with 'Invalid request
format' due to empty request body.
@JoshuaAFerguson JoshuaAFerguson merged commit d46bde1 into main Nov 17, 2025
8 of 23 checks passed
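
The body-restoration fix described in the last commit message above, as an added example that is not the project's own code: a middleware that reads the request body, then hands downstream handlers a fresh reader over the same bytes. The names `inspectBody`, `seenByHandler`, `maxBody` and the `/example` path are hypothetical, and the size cap is an assumption the page does not mention.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBody is an assumed cap on how much of the body the middleware buffers.
const maxBody = 1 << 20

// inspectBody reads the body for inspection (inspect is a hypothetical hook),
// then restores it so later handlers still receive the full payload.
func inspectBody(inspect func([]byte), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody))
		if err != nil {
			http.Error(w, "body too large or unreadable", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body.Close()
		inspect(body)
		// Restore: a new reader over the bytes that were already consumed.
		r.Body = io.NopCloser(bytes.NewBuffer(body))
		next.ServeHTTP(w, r)
	})
}

// seenByHandler sends payload through the middleware and returns the status
// code and the body the downstream handler actually received.
func seenByHandler(payload string) (int, string) {
	var got string
	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		got = string(b)
	})
	// Constructed request; the path is a placeholder, not a project route.
	req := httptest.NewRequest(http.MethodPost, "/example", strings.NewReader(payload))
	rec := httptest.NewRecorder()
	inspectBody(func([]byte) {}, next).ServeHTTP(rec, req)
	return rec.Code, got
}

func main() {
	fmt.Println(seenByHandler(`{"password":"constructed-sample"}`))
}
```

A regression test of this shape (assert that the downstream handler sees the same bytes the client sent) would have caught the empty-body failure before it surfaced as 'Invalid request format'.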
Comment thread ui/nginx.conf
Comment on lines +42 to +44
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
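
Review bot: `proxy_set_header Upgrade $http_upgrade;` at +43 forwards whatever Upgrade value the client sends, and `Connection 'upgrade'` at +44 is set on every proxied request, including ones that never asked for an upgrade. Restrict this with a `map $http_upgrade` that yields `websocket` only when the client sent `websocket` and an empty string otherwise, and derive the Connection value from the same map; if this location never serves WebSocket traffic, drop both headers here.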

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling Warning

Conditions for Nginx H2C smuggling identified. H2C smuggling allows upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections which can allow a bypass of reverse proxy access controls, and lead to long-lived, unrestricted HTTP traffic directly to back-end servers. To mitigate: WebSocket support required: Allow only the value websocket for HTTP/1.1 upgrade headers (e.g., Upgrade: websocket). WebSocket support not required: Do not forward Upgrade headers.
Comment thread ui/nginx.conf
Comment on lines +60 to +62
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
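
Review bot: Lines +61 and +62 repeat the unrestricted `Upgrade $http_upgrade` and hard-coded `Connection "upgrade"` pair, so non-WebSocket upgrade tokens such as `h2c` still reach the backend through this block. Use a single map-derived variable for the Upgrade value in both places so the allow-list lives in one spot, and settle on one quoting style for the Connection value (`'upgrade'` at +44, `"upgrade"` here).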

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: generic.nginx.security.possible-h2c-smuggling.possible-nginx-h2c-smuggling Warning

Conditions for Nginx H2C smuggling identified. H2C smuggling allows upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections which can allow a bypass of reverse proxy access controls, and lead to long-lived, unrestricted HTTP traffic directly to back-end servers. To mitigate: WebSocket support required: Allow only the value websocket for HTTP/1.1 upgrade headers (e.g., Upgrade: websocket). WebSocket support not required: Do not forward Upgrade headers.
@JoshuaAFerguson JoshuaAFerguson deleted the claude/fix-setup-screen-015uaSk1YfRFL1KSSojovost branch November 17, 2025 02:25