File: crates/web/src/main.rs:17
Severity: quality
Obvious? yes
navigator.serviceWorker.register('/sw.js').catch(function() {}) discards every failure mode: HTTPS misconfiguration, MIME-type mismatch (trunk serving sw.js as text/plain), parse error, or scope violation. Result: notifications and offline cache silently never work, no console output, no telemetry.
Fix: replace the catch with a tracing::warn! (passing the e argument) or at minimum console.warn. The js_sys::eval form here also evades CSP script-src enforcement; consider porting to web_sys::ServiceWorkerContainer::register() so the failure surfaces through proper error handling and the codebase can drop one more 'unsafe-eval' user (per the CSP comment in index.html referencing #171 / #425).
Filed by /general-audit @ 88498a5 (2026-05-04). master: #600.
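The first fix described above, as an added example (not code from the repository): the registration call with the empty catch replaced by a handler that reports the error's name and message. registerServiceWorker, its container and warn parameters, and the returned result object are hypothetical names; only navigator.serviceWorker.register and '/sw.js' come from the issue.

```javascript
// Added example. Hypothetical names: registerServiceWorker, container,
// warn, and the shape of the result object.

// Register the worker and report any failure instead of swallowing it.
// `container` is navigator.serviceWorker in a browser; it is a parameter
// so the function can be exercised with a stub outside one.
function registerServiceWorker(container, warn) {
  if (!container) {
    // navigator.serviceWorker is undefined outside a secure context.
    const message =
      'service workers unavailable (insecure context or unsupported browser)';
    warn('[sw] ' + message);
    return Promise.resolve({ ok: false, name: 'Unavailable', message });
  }
  let pending;
  try {
    pending = container.register('/sw.js');
  } catch (e) {
    // A synchronous throw is reported through the same path as a rejection.
    pending = Promise.reject(e);
  }
  return pending.then(
    (registration) => ({ ok: true, scope: registration.scope }),
    (e) => {
      // Keep the error's name and message: they are what tells a
      // MIME-type or scope rejection apart from a fetch or parse failure.
      const name = (e && e.name) || 'Error';
      const message = (e && e.message) || String(e);
      warn('[sw] registration failed: ' + name + ': ' + message);
      return { ok: false, name, message };
    }
  );
}

// Browser entry point; the warning reaches the console, not an empty catch.
if (typeof navigator !== 'undefined') {
  registerServiceWorker(navigator.serviceWorker, console.warn.bind(console));
}
```

The returned object gives a telemetry hook something to send; the console line alone already covers the "at minimum console.warn" option.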