From 101fa629978151870ca1243c6b9f231dbe0d2196 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Mon, 15 Dec 2025 22:30:24 +0000 Subject: [PATCH] fix(security): show actual backend error instead of misleading DISABLE_AUTH message The frontend was incorrectly assuming any 401/403 response from the quick-setup endpoint meant the legacy DISABLE_AUTH flag was present. This was wrong - the real causes are typically: - Missing bootstrap token (for first-run setup) - Invalid bootstrap token - Authentication required for existing setups Now the frontend properly displays the actual error message from the backend, which includes helpful instructions for retrieving the bootstrap token. --- .../components/Settings/QuickSecuritySetup.tsx | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/frontend-modern/src/components/Settings/QuickSecuritySetup.tsx b/frontend-modern/src/components/Settings/QuickSecuritySetup.tsx index f7e30d3..2dc602f 100644 --- a/frontend-modern/src/components/Settings/QuickSecuritySetup.tsx +++ b/frontend-modern/src/components/Settings/QuickSecuritySetup.tsx @@ -95,11 +95,6 @@ export const QuickSecuritySetup: Component = (props) => }); if (!response.ok) { - if (response.status === 401 || response.status === 403) { - throw new Error( - 'Pulse detected a legacy DISABLE_AUTH flag. Remove that environment flag and restart Pulse before enabling security here.', - ); - } const error = await response.text(); throw new Error(error || 'Failed to setup security'); } @@ -111,7 +106,7 @@ export const QuickSecuritySetup: Component = (props) => // Security was already configured, don't show credentials showError( result.message || - 'Security is already configured. Please remove existing security first if you want to reconfigure.', + 'Security is already configured. Please remove existing security first if you want to reconfigure.', ); if (props.onConfigured) { props.onConfigured(); @@ -232,22 +227,20 @@ Important: