Block off SW running in backend and reduce lookups (#4385)
Credit to @ayumihamsaki. Related #4384
parent
53a825222d
commit
884042952f
|
|
@ -413,4 +413,26 @@ return [
|
|||
|
||||
'restrictBaseDir' => true,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Backend Service Worker
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Allow plugins to run Service Workers in the backend.
|
||||
|
|
||||
| WARNING: This should always be disabled for security reasons as Service
|
||||
| Workers can be hijacked and used to run XSS into the backend. Turning
|
||||
| this feature on can create a conflict if you have a frontend Service
|
||||
| Worker running. The 'scope' needs to be correctly set and not have a
|
||||
| duplicate subfolder structure on the frontend, otherwise it will run
|
||||
| on both the frontend and backend of your website.
|
||||
|
|
||||
| true - allow service workers to run in the backend
|
||||
|
|
||||
| false - disallow service workers to run in the backend
|
||||
|
|
||||
*/
|
||||
|
||||
'enableBackendServiceWorkers' => false,
|
||||
|
||||
];
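Review bot: The comment on `enableBackendServiceWorkers` never says what `false` actually does, so an operator reading only this file could assume registration is prevented. In the layout hunks of this commit, `false` emits an inline script that calls `navigator.serviceWorker.getRegistrations()` and unregisters each result, and only when `location.protocol === 'https:'`. That list covers every registration for the origin, so a frontend worker is removed too whenever a backend page loads in that browser. I would add comment lines such as `| When false, backend layouts unregister every Service Worker registered` and `| for this origin on each HTTPS page load, including frontend workers.` The `return [` array starts outside this hunk.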
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
// Only run on HTTPS connections
|
||||
if (location.protocol === 'https:') {
|
||||
// Unregister all service workers before signing in to prevent cache issues
|
||||
navigator.serviceWorker.getRegistrations().then(
|
||||
function(registrations) {
|
||||
for (let registration of registrations) {
|
||||
registration.unregister();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
@ -46,8 +46,6 @@ class Auth extends Controller
|
|||
})->only('signout');
|
||||
}
|
||||
|
||||
// Add JS File to un-install SW to avoid Cookie Cache Issues when Signin, see github issue: #3707
|
||||
$this->addJs(url("/modules/backend/assets/js/auth/uninstall-sw.js"));
|
||||
$this->layout = 'auth';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -39,6 +39,24 @@
|
|||
<link href="<?= $script . '?v=' . $coreBuild; ?>" rel="preload" as="script" importance="high">
|
||||
<?php endforeach; ?>
|
||||
|
||||
<?php if (!Config::get('cms.enableBackendServiceWorkers', false)) : ?>
|
||||
<script>
|
||||
"use strict";
|
||||
/* Only run on HTTPS connections
|
||||
* Block off Front-end Service Worker from running in the Backend allowing security injections, see GitHub #4384
|
||||
*/
|
||||
if (location.protocol === 'https:') {
|
||||
// Unregister all service workers before signing in to prevent cache issues, see github issue: #3707
|
||||
navigator.serviceWorker.getRegistrations().then(
|
||||
function(registrations) {
|
||||
for (let registration of registrations) {
|
||||
registration.unregister();
|
||||
}
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<?php endif; ?>
|
||||
|
||||
<?= $this->makeAssets() ?>
|
||||
<?= Block::placeholder('head') ?>
|
||||
<?= $this->makeLayoutPartial('custom_styles') ?>
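Review bot: The guard `if (location.protocol === 'https:')` tests the protocol rather than the API, so an HTTPS page in a browser that exposes no `navigator.serviceWorker` throws a TypeError on the next line, and a backend served from `http://localhost` (a secure context where workers can register) skips the cleanup entirely. `if ('serviceWorker' in navigator) {` covers both cases. `unregister()` also runs only after the page has loaded, so a worker that already controls this page probably stays in control until it is reloaded or closed; the block comment should describe this as cleanup rather than prevention. The same inline script is repeated in the next layout section (`@ -37,6 +37,24 @@`), so both points apply there too, and a shared partial would keep the two copies in step.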
|
||||
|
|
|
|||
|
|
@ -37,6 +37,24 @@
|
|||
<link href="<?= $script . '?v=' . $coreBuild; ?>" rel="preload" as="script" importance="high">
|
||||
<?php endforeach; ?>
|
||||
|
||||
<?php if (!Config::get('cms.enableBackendServiceWorkers', false)) : ?>
|
||||
<script>
|
||||
"use strict";
|
||||
/* Only run on HTTPS connections
|
||||
* Block off Front-end Service Worker from running in the Backend allowing security injections, see GitHub #4384
|
||||
*/
|
||||
if (location.protocol === 'https:') {
|
||||
// Unregister all service workers before signing in to prevent cache issues, see github issue: #3707
|
||||
navigator.serviceWorker.getRegistrations().then(
|
||||
function(registrations) {
|
||||
for (let registration of registrations) {
|
||||
registration.unregister();
|
||||
}
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<?php endif; ?>
|
||||
|
||||
<?= $this->makeAssets() ?>
|
||||
<?= Block::placeholder('head') ?>
|
||||
<?= $this->makeLayoutPartial('custom_styles') ?>
|
||||
|
|
|
|||