Koala73/worldmonitor New commit

[gavinlovespython]

fix: whitelist social preview bots + restrict SW routes to same-origin (koala73/worldmonitor#251)

• fix: restrict SW route patterns to same-origin only

The broad regex /^https?://./api/./i matched ANY URL with /api/
in the path, including external APIs like NASA EONET
(eonet.gsfc.nasa.gov/api/v3/events). Workbox intercepted these
cross-origin requests with NetworkOnly, causing no-response errors
when CORS failed.

Changed all /api/, /ingest/, and /rss/ SW route patterns to use
sameOrigin callback check so only our Vercel routes get NetworkOnly
handling. External APIs now pass through without SW interference.

• fix: whitelist social preview bots on OG image assets

Slack-ImgProxy (distinct from Slackbot) was blocked from fetching
/favico/og-image.png by both our bot filter and Vercel Attack Challenge.
Extend middleware matcher to /favico/* and allow all social preview/image
bots through on static asset paths.