Project: The League (Railway projectId: ee2b1e78-bf28-4d13-8dab-4265edb9db30)

Service: Leaderboard App (railway service id: a95d9d22-caca-4182-8f69-10a0820ef677)

Public domain: https://theleague-ca.com

Internal host: https://leaderboard-app-production-7056.up.railway.app

Description:

We merged code to add a public leaderboard endpoint and a middleware exemption. Since merging and deploying, production is intermittently returning HTTP 401 for /api/public/leaderboard and previously returned cached 404 for a proxy route. The app itself is healthy and SalesRabbit syncs ran successfully; the 401s are shown in Railway HTTP logs as being returned by the railway-edge. We need help diagnosing edge behavior and allowing these requests to reach the app.

Repro steps / timeline:

• PRs merged to main (middleware exemption, proxy/fallback endpoints) — Feb 25/26, 2026.

• Redeployed via Railway; container started and Next.js ready. Sync logs show successful upserts and no server errors.

• Repeated checks:

  • curl -i https://theleague-ca.com/api/public/leaderboard → intermittently 401 (railway-edge) or 200 with [] (after purge)

  • curl -i -H "Authorization: Bearer <ADMIN_TOKEN>" https://theleague-ca.com/api/leaderboard → returned 401 from some hosts; returned 200 from others (inconsistent)

• We purged CDN/edge cache and restarted service replicas multiple times; public route became reachable (200) but returned an empty array; proxy route initially returned 404 (cached), then after merges and purges it became 200 but empty.

Logs (representative excerpts, no secrets):

• Deploy logs: container started; Next.js ready; [SYNC] Leads complete. 10000 fetched, 59 processed (recent), 9941 skipped (old), 5 inserted. No app-side errors.

• HTTP logs (edge):

GET /api/public/leaderboard 401 102ms

GET /api/public/leaderboard 401 11ms

GET /api/public/leaderboard 401 7ms

GET / 200 259ms

GET /api/sync/run 200 64ms

GET / 200 133ms

GET / 200 97ms

GET /api/public/leaderboard 401 102ms

GET /api/public/leaderboard 401 11ms

(other endpoints /, /api/sync/run returning 200 in same logs)

What we need from the edge team:

1. Inspect edge worker / CDN rules for the domain theleague-ca.com and confirm whether any rule is rejecting or caching 401/404 for /api/* or specifically /api/public/*.

2. If such a rule exists, please exempt or allow /api/public/* and allow Authorization headers to be forwarded, or exclude /api/public/* from that rule.

3. If no such rule exists, please inspect edge cache entries and purge any cached 401/404 responses for these URLs:

  • https://theleague-ca.com/api/public/leaderboard

  • https://leaderboard-app-production-7056.up.railway.app/api/public/leaderboard

  • https://theleague-ca.com/api/public/leaderboard-fallback

4. Provide the upstream/edge log lines showing which component generated the 401 (edge worker or the app) and advice for preserving Authorization headers for authenticated endpoints.

Impact:

• The public leaderboard is not displaying knocks publicly; admin endpoints show inconsistent auth behavior. This blocks public visibility and admin operations.

Attachments: (paste the following into the support form’s attachments area or message body)

• Deploy logs excerpt (no secrets) showing container start + sync completed

• HTTP Logs excerpt showing repeated 401 lines for /api/public/leaderboard

Contact and follow-up:

• Shane Murphy (owner) — ops contact via this channel

• I can provide additional deploy IDs, exact timestamps, and logs on request....