Module subdomains: redirect non-Browser visitors to www.bcos.cloud (drop "Browser Required" gate) #4
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
When a user opens a module subdomain (e.g. profile.bcos.cloud, msp.bcos.cloud, aria.bcos.cloud, etc.) in a normal web browser instead of the HiveOps desktop Browser, the SPA renders a hardcoded Browser Required gate that links to
https://cdn.bcos.cloud/downloads/. This:Desired behavior
Do not show a Browser Required page. Instead, redirect (302) non-Browser visitors to
https://www.bcos.cloudfor all module subdomains, in every environment (dev included). No browser download is offered from the module subdomains.Approach (nginx, server-side)
The desktop Browser injects an explicit header on every module request (
hiveops-browser/src/main/main.js:196and:1209):A normal browser never carries it. So nginx can decide server-side, in the SPA location of each module server block:
Edge cases
/api/,/health, and auth — only the SPA document path redirects (logins, API calls, uptime checks untouched)Benefits over editing the SPAs
Plan
hiveiq-ops/.../instances/dev/nginx/conf.d/), reload nginx, verify with curl (with/withoutX-HiveIQ-Browserheader → 200 vs 302→www.bcos.cloud)Dev-only verification is in scope here; production rollout follows the normal PR/approval flow.
Deployed + verified on bcos.dev
Implemented as an nginx server-side redirect (no SPA changes). Added shared snippet
nginx/conf.d/snippets/browser-gate.conf:…included into the
location /of all 13 module confs (msp, aria, profile, devices, fleet, incident, analytics, claims, recon, reports, transactions, vault, dashboard).nginx -tOK, reloaded.Verification (live, bcos.dev):
msp/profile/dashboardwithX-HiveIQ-Browser: true→ 200, no redirect (SPA served) ✅msp/health(no header) → 200, not redirected ✅devices/api/devices(no header) → 401 (backend reached, not 302) ✅api.bcos.dev,auth.bcos.dev→ unaffected ✅Change mirrored into the repo copy (
hiveiq-openmetal-prod/.../instances/dev/nginx/conf.d/).Production (bcos.cloud) is NOT done — it will follow via the normal PR + approval flow (same snippet + includes against the production nginx confs, plus excluding the marketing site there to avoid a redirect loop).
Dev change merged: hiveiq-openmetal-prod PR #17 (merge
65d68d99). bcos.dev is live + verified.Keeping this issue open for the production (bcos.cloud) rollout — same snippet + includes against the prod nginx confs, plus excluding the marketing site (web/www) to avoid a redirect loop.