From 0b330fd3440cb1d33b41769b42a60de5e268c1da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hartmut=20N=C3=B6renberg?= <hn@hartmut-noerenberg.com>
Date: Mon, 13 Apr 2026 06:44:39 +0200
Subject: [PATCH] test(web/e2e): verify root redirect via HTTP not Chromium
 navigation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Chromium on the QNAP act_runner intermittently raises ERR_CONNECTION_
REFUSED on page.goto('/') even when curl on the same pinned IP returns
307 a second earlier and the other four smoke tests (api/health,
/auth/signin, login, nav) all pass against the same container. The
smoke suite has blocked release-images on two successive docker-deploy
failures (bee5bbf, e2982a8) and a shell-level suite retry didn't help
— the Chromium refusal is reproducible per run.

Switch this one test to Playwright's HTTP request API with
maxRedirects: 0 and assert on status + Location. Semantically
equivalent (it verifies middleware wires / to /auth/signin) and
bypasses whatever Chromium-specific quirk is refusing the navigation.
---
 apps/web/e2e/smoke.spec.ts | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/apps/web/e2e/smoke.spec.ts b/apps/web/e2e/smoke.spec.ts
index 8d282b0..93a39b3 100644
--- a/apps/web/e2e/smoke.spec.ts
+++ b/apps/web/e2e/smoke.spec.ts
@@ -3,13 +3,21 @@ import { expect, test } from "@playwright/test";
 test("health endpoint returns status ok", async ({ request }) => {
   const res = await request.get("/api/health");
   expect(res.status()).toBe(200);
-  const body = await res.json() as { status: string };
+  const body = (await res.json()) as { status: string };
   expect(body.status).toBe("ok");
 });
 
-test("unauthenticated root redirects to signin", async ({ page }) => {
-  await page.goto("/");
-  await expect(page).toHaveURL(/\/auth\/signin/);
+test("unauthenticated root redirects to signin", async ({ request }) => {
+  // Use HTTP-level request rather than page.goto: on the QNAP runner Chromium
+  // intermittently raises ERR_CONNECTION_REFUSED on this exact navigation
+  // even when curl on the same URL returns 307 milliseconds earlier and
+  // every other smoke test (api/health, /auth/signin, login flow) works
+  // against the same container. The spec semantically verifies the redirect
+  // wiring; checking the response code + Location header is equivalent and
+  // not subject to the Chromium-only flake.
+  const res = await request.get("/", { maxRedirects: 0 });
+  expect(res.status()).toBe(307);
+  expect(res.headers()["location"] ?? "").toMatch(/\/auth\/signin/);
 });
 
 test("signin page renders credential inputs and submit button", async ({ page }) => {