Hi all — I’m stuck on a redirect issue that only seems to happen once deployed on Netlify.
I have a small SPA (Vite + React) with client-side routing, and an OAuth callback route at /auth/callback. After login, the provider redirects back with query params like:
https://my-site.netlify.app/auth/callback?code=abc123&state=xyz
Locally, this works fine in dev. In production on Netlify, if I click around from within the app it’s OK, but if I directly load that callback URL or come back from the OAuth provider, I get a 404 page from Netlify before the app can handle the route.
What I expected
I expected Netlify to serve index.html for any SPA route so React Router could handle /auth/callback and read the query string.
What actually happens
Netlify returns a 404 for direct requests to /auth/callback?code=...&state=....
Current setup
netlify.toml:
[build]
command = "npm run build"
publish = "dist"
[[redirects]]
from = "/api/*"
to = "https://api.example.com/:splat"
status = 200
force = true
I also tried adding this:
[[redirects]]
from = "/*"
to = "/index.html"
status = 200
but I’m not sure if I placed it correctly, because the deploy still seems to behave the same way.
I checked the published deploy and index.html is definitely there under dist/.
Things I’ve tried
- redeploying with cache cleared
- moving the SPA fallback redirect above and below the
/api/*rule - testing with and without
force = trueon the API proxy - confirming the OAuth provider is redirecting to the exact production URL
Questions
- Is there anything special about callback URLs with query params on Netlify routing?
- Does the SPA catch-all need to come after the API redirect, or before it?
- Is there a better way to configure this when mixing SPA routes with an
/api/*proxy?
If it helps, I can share the full deploy log and site URL, but I wanted to check whether I’m missing something obvious in the redirect config first.
