frontend: subpath-safe fetch() in /model command

[tomtong2015]

cmdModel() had the only two root-absolute fetch('/api/...') calls left in the frontend. Under a reverse proxy that mounts the app at a subpath (e.g. jupyter-server-proxy at /proxy//), a root-absolute path escapes the mount and 404s, so /model can't load the catalog or update the session. Resolve both against document.baseURI (falling back to location.href) like every other fetch in the frontend already does.

[greptile-apps]

Greptile Summary

Fixes the two remaining root-absolute fetch('/api/...') calls in cmdModel() so they resolve against document.baseURI (falling back to location.href), matching the subpath-safe URL construction pattern already used by every other fetch in the frontend. This unblocks use of the /model command when the app is deployed behind a reverse proxy that mounts it at a subpath.

• Both calls — api/models (GET) and api/session/update (POST) — are updated to use new URL('api/...', document.baseURI||location.href).href.
• A quick sweep confirms no root-absolute fetch('/api/...') calls remain anywhere in the static/ directory after this change.

Confidence Score: 5/5

Safe to merge — the change is a minimal, mechanical URL fix with no behavioral side effects beyond correcting subpath routing.

Both changed call sites swap a root-absolute string literal for the same new URL(rel, document.baseURI||location.href).href idiom used consistently across every other fetch in the frontend. No credentials, error-handling, or response-processing logic is touched. A grep confirms no root-absolute /api/ fetch calls remain in static/ after this change.

No files require special attention.

Important Files Changed

Filename	Overview
static/commands.js	Replaces the last two root-absolute fetch('/api/...') calls in cmdModel() with subpath-safe new URL('api/...', document.baseURI

_{Reviews (1): Last reviewed commit: "frontend: subpath-safe fetch() in /model..." | Re-trigger Greptile}

[nesquena-hermes]

Thanks for this — it's a clean, well-scoped fix.

Summary

Reading static/commands.js:550 and :590 on origin/master plus the diff at this PR, the claim checks out: cmdModel() held the last two root-absolute fetch('/api/...') calls in the frontend. Under a reverse proxy that mounts the app at a subpath (jupyter-server-proxy at /proxy/<port>/, REANA, etc.), a leading-slash path resolves against the origin root and escapes the mount, so /model 404s on both the catalog fetch and the cross-provider session/update.

Code reference

The two changed lines now match the convention every other fetch already uses:

const resp=await fetch(new URL('api/models',document.baseURI||location.href).href);
...
const resp=await fetch(new URL('api/session/update',document.baseURI||location.href).href,{

This is byte-for-byte the same shape as static/ui.js:1885 (new URL('api/models',document.baseURI||location.href)) and static/ui.js:1855 (new URL('api/session/update',...)), so commands.js is just catching up to the established pattern.

Verification

I confirmed against origin/master:

• grep "fetch('/api" across static/ returns exactly those two commands.js lines and nothing else — so this closes the gap completely.
• The relative-URL form resolves correctly: with document.baseURI = https://host/proxy/8787/, new URL('api/models', base) yields https://host/proxy/8787/api/models. The location.href fallback preserves direct-deployment behavior.

Recommendation

Looks good to merge. Two optional follow-ups, neither blocking:

1. A quick lint/CI guard (a grep -n "fetch(['\"]/api" static/ check) would prevent the next root-absolute fetch from creeping back in, since this is the second time the pattern has had to be swept up.
2. No test is included; given it's a one-line URL-construction change matching existing call sites, a unit test is probably overkill, but a comment noting the subpath rationale (like the #3368 note just above) wouldn't hurt.