fix(web): prevent crash when User-Agent header is missing

[brendan-kellam]

Fixes SOU-1328
Fixes #1308

Problem

Enabling anonymous access made the web UI unavailable, with the Docker logs showing a recurring No valid user agent string was provided warning followed by a TypeError destructuring isMobile from undefined.

Root cause: In packages/web/src/app/(app)/layout.tsx, the mobile-detection check calls getSelectorsByUserAgent(userAgent ?? ''). react-device-detect returns undefined (not an object) for an empty string, so destructuring { isMobile } throws.

Why anonymous access is the trigger: With anonymous access disabled, session-less requests are redirected to /login earlier in the layout and never reach this line. With anonymous access enabled, they fall through to the mobile check. Requests that omit the User-Agent header (proxy/health-check probes, e.g. HAProxy option httpchk) then crash the root (app) layout, taking down the whole UI. These recurring probes are what produced the repeating error in the logs.

Fix

Only call getSelectorsByUserAgent when a non-empty User-Agent is present; otherwise treat the client as non-mobile.

Reproduction

Against a single-tenant instance with anonymous access enabled, send a request to the app root with an empty/missing User-Agent:

curl -sS -o /dev/null -w "%{http_code}\n" -H "User-Agent;" http://localhost:3000/

Before: 500 (crashed layout). After: renders normally. With anonymous access disabled, the same request 307-redirects to /login (unchanged).

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Fixed a web UI crash that occurred when accessing the application anonymously without providing a User-Agent header.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2a1fca38-b941-4d05-a67d-a44e41396fc4

📥 Commits

Reviewing files that changed from the base of the PR and between 4ec87e1 and 7ba1773.

📒 Files selected for processing (2)

• CHANGELOG.md
• packages/web/src/app/(app)/layout.tsx

---

Walkthrough

The Layout component's mobile-detection logic is patched to guard against a missing user-agent header by defaulting isMobile to false instead of passing an empty string to getSelectorsByUserAgent. A changelog entry documents the fix.

Changes

User-Agent Null Safety Fix

Layer / File(s)	Summary
Mobile-detection null guard and changelog packages/web/src/app/(app)/layout.tsx, CHANGELOG.md	Layout now checks whether the user-agent header is present before calling getSelectorsByUserAgent; if absent, it defaults to { isMobile: false }. The corresponding fix is recorded in the changelog under [Unreleased] > Fixed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch brendan/fix-SOU-1328

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ymorocz]

Excellent Merge