Disconnecting/reconnecting from CAS should not display sw.js

This issue happens systematically with CAS (and sometimes with OAuth2 or OKTA, with different reproduction steps)

How to reproduce:

1. setup your CAS instance
2. make your nuxeo 10.10+ HTTPS-ed (mandatory step: see https://developers.google.com/web/fundamentals/primers/service-workers/ )
3. clear your Firefox browser cache
4. invoke https://nuxeo:port/nuxeo and login in CAS => works
5. logout from nuxeo
6. invoke https://nuxeo:port/nuxeo and login in CAS => fails and displays either sw.js?ts=\<timestamp\> or workbox/workbox-sw.js
   e.g.

   var workbox=function(){"use strict";try{self.workbox.v["workbox:sw:3.6.3"]=1}catch(t){}const t="https://storage.googleapis.com/workbox-cdn/releases/3.6.3",e={backgroundSync:"background-sync",broadcastUpdate:"broadcast-cache-update",cacheableResponse:"cacheable-response",core:"core",expiration:"cache-expiration",googleAnalytics:"google-analytics",navigationPreload:"navigation-preload",precaching:"precaching",rangeRequests:"range-requests",routing:"routing",strategies:"strategies",streams:"streams"};return new class{constructor(){return this.v={},this.t={debug:"localhost"===self.location.hostname,modulePathPrefix:null,modulePathCb:null},this.e=this.t.debug?"dev":"prod",this.s=!1,new Proxy(this,{get(t,s){if(t[s])return t[s];const o=e[s];return o&&t.loadModule(`workbox-${o}`),t[s]}})}setConfig(t={}){if(this.s)throw new Error("Config must be set before accessing workbox.* modules");Object.assign(this.t,t),this.e=this.t.debug?"dev":"prod"}skipWaiting(){self.addEventListener("install",()=>self.skipWaiting())}clientsClaim(){self.addEventListener("activate",()=>self.clients.claim())}loadModule(t){const e=this.o(t);try{importScripts(e),this.s=!0}catch(s){throw console.error(`Unable to import module '${t}' from '${e}'.`),s}}o(e){if(this.t.modulePathCb)return this.t.modulePathCb(e,this.t.debug);let s=[t];const o=`${e}.${this.e}.js`,r=this.t.modulePathPrefix;return r&&""===(s=r.split("/"))[s.length-1]&&s.splice(s.length-1,1),s.push(o),s.join("/")}}}();
   
   //# sourceMappingURL=workbox-sw.js.map

   or

   importScripts('workbox/workbox-sw.js');
   workbox.loadModule('workbox-strategies');
   
   self.addEventListener('install', event => {
     self.skipWaiting();
   
     const params = new URL(self.location.href).searchParams;
     if (params.has('ts')) {
       workbox.routing.registerRoute(/\.*\.(html|js)$/, async ({url, event}) => {
         const strategy = workbox.strategies.networkFirst();
         const request = new Request(`${url}?ts=${params.get('ts')}`, {credentials: 'same-origin'});
         return await strategy.makeRequest({event, request});
       });
     }
   });
   

Note 1: does not happen in Dev mode => do NOT set org.nuxeo.dev=true to reproduce. You can use org.nuxeo.dev=true as a workaround
Note 2: re-invoking https://nuxeo:port/nuxeo a third time works

Expected: relogging in CAS, OAuth2, OKTA should work seamlessly