fix: v0.20.1 — fix ingress double-slash redirect breaking iframe

jrx-code · claude · jrx-code · commit 143d78bd7024 · 2026-03-10T21:33:11.000+01:00
The // → / redirect (301) sent the browser to HA root instead of the
addon, causing nested HA pages in the ingress panel. Now rewrite the
path in-place instead of redirecting.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/ha-sandbox/app/main.py b/ha-sandbox/app/main.py
@@ -74,9 +74,11 @@ async def ingress_middleware(request: Request, call_next):
     """Support HA ingress by reading X-Ingress-Path header."""
     ingress_path = request.headers.get("X-Ingress-Path", "")
     request.state.ingress_path = ingress_path
-    # Normalize double-slash from ingress proxy (GET // → redirect to /)
-    if request.url.path != "/" and request.url.path.startswith("//"):
-        return RedirectResponse(request.url.path.replace("//", "/", 1), status_code=301)
+    # Normalize double-slash from ingress proxy (// → treat as /)
+    path = request.url.path
+    if path != "/" and path.startswith("//"):
+        scope = request.scope
+        scope["path"] = path.replace("//", "/", 1)
     response = await call_next(request)
     return response
 
diff --git a/ha-sandbox/config.yaml b/ha-sandbox/config.yaml
@@ -1,5 +1,5 @@
 name: "HA Security Sandbox"
-version: "0.20.0"
+version: "0.20.1"
 slug: ha_security_sandbox
 description: "Security scanner for Home Assistant custom components — static analysis + AI review"
 url: "https://github.com/jrx-code/ha-security-sandbox"
