For some reason it was decided to allow October controllers to support Laravel middleware, this has been reverted because it is a convoluted solution that doesn't respect the original architecture. There are other ways to handle middleware requirements
The original use case appeared to be to simply allow backend controllers to inject headers. This is something easily solvable whilst keeping the simple and original workflow
The response is returned directly to the route so this is not needed, it was likely added as an artefact of a previous implementation
Refs #3773
Refs #3746
If a website has a Service Worker installed it would load and register before a User tries to login to the backend causing a "Invalid security token" message. This PR unregisters any installed Service Worker when a User opens the backend Signin webpage.
I have also added the NEW Security Headers to add Protection to October's Cache and Cookies. This includes two new Middleware that first clears any bad cached data before a User tries to login and the second Middleware will clear all the sensitive User Data when a User signs out of the Backend.
For more info on the new Security Header 'Clear Site Data' you can see the spec found here: https://www.w3.org/TR/clear-site-data/Fixes#4076, fixes#3707.
Kerim
Samuel Georges
Samuell
Ayumi Hamasaki
Luke Towers
Ben Thomson
Ayumi Hamasaki
Nathan van der Werf
Christophe Vuagniaux
Pásztor Gábor
Mulia Arifandi Nasution
Stefan Talen