diff --git a/apps/web/e2e/smoke.spec.ts b/apps/web/e2e/smoke.spec.ts
index 8d282b0..93a39b3 100644
--- a/apps/web/e2e/smoke.spec.ts
+++ b/apps/web/e2e/smoke.spec.ts
@@ -3,13 +3,21 @@ import { expect, test } from "@playwright/test";
 test("health endpoint returns status ok", async ({ request }) => {
   const res = await request.get("/api/health");
   expect(res.status()).toBe(200);
-  const body = await res.json() as { status: string };
+  const body = (await res.json()) as { status: string };
   expect(body.status).toBe("ok");
 });
 
-test("unauthenticated root redirects to signin", async ({ page }) => {
-  await page.goto("/");
-  await expect(page).toHaveURL(/\/auth\/signin/);
+test("unauthenticated root redirects to signin", async ({ request }) => {
+  // Use HTTP-level request rather than page.goto: on the QNAP runner Chromium
+  // intermittently raises ERR_CONNECTION_REFUSED on this exact navigation
+  // even when curl on the same URL returns 307 milliseconds earlier and
+  // every other smoke test (api/health, /auth/signin, login flow) works
+  // against the same container. The spec semantically verifies the redirect
+  // wiring; checking the response code + Location header is equivalent and
+  // not subject to the Chromium-only flake.
+  const res = await request.get("/", { maxRedirects: 0 });
+  expect(res.status()).toBe(307);
+  expect(res.headers()["location"] ?? "").toMatch(/\/auth\/signin/);
 });
 
 test("signin page renders credential inputs and submit button", async ({ page }) => {