Fixed problem where auth is bypassed
This commit is contained in:
Roman Krček
@@ -31,55 +31,51 @@ self.addEventListener('activate', (event) => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
self.addEventListener('fetch', (event) => {
|
self.addEventListener('fetch', (event) => {
|
||||||
// ignore POST requests etc
|
|
||||||
if (event.request.method !== 'GET') return;
|
if (event.request.method !== 'GET') return;
|
||||||
|
|
||||||
|
// --- START: MODIFICATION TO PREVENT CACHING PRIVATE ROUTES ---
|
||||||
|
const url = new URL(event.request.url);
|
||||||
|
|
||||||
|
// If the request is for a private route, always fetch from the network.
|
||||||
|
// This ensures that server-side authentication checks are not bypassed by the cache.
|
||||||
|
if (url.pathname.startsWith('/private')) {
|
||||||
|
event.respondWith(fetch(event.request));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// --- END: MODIFICATION ---
|
||||||
|
|
||||||
async function respond() {
|
async function respond() {
|
||||||
const url = new URL(event.request.url);
|
const url = new URL(event.request.url);
|
||||||
|
const cache = await self.caches.open(CACHE);
|
||||||
// Skip caching for auth routes
|
|
||||||
if (url.pathname.startsWith('/auth/')) {
|
|
||||||
return fetch(event.request);
|
|
||||||
}
|
|
||||||
|
|
||||||
const cache = await caches.open(CACHE);
|
// `build`/`prerendered` pages are cached on install.
|
||||||
|
// If the page exists in the cache, serve it directly.
|
||||||
// `build`/`files` can always be served from the cache
|
|
||||||
if (ASSETS.includes(url.pathname)) {
|
if (ASSETS.includes(url.pathname)) {
|
||||||
const response = await cache.match(url.pathname);
|
const cachedResponse = await cache.match(url.pathname);
|
||||||
|
if (cachedResponse) {
|
||||||
if (response) {
|
return cachedResponse;
|
||||||
return response;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// for everything else, try the network first, but
|
// For everything else, try to get it from the network.
|
||||||
// fall back to the cache if we're offline
|
|
||||||
try {
|
try {
|
||||||
const response = await fetch(event.request);
|
const response = await fetch(event.request);
|
||||||
|
|
||||||
// if we're offline, fetch can return a value that is not a Response
|
// If the request is for a file from the build directory, cache it.
|
||||||
// instead of throwing - and we can't pass this non-Response to respondWith
|
if (response.status === 200 && url.pathname.startsWith(`/${build[0]}/`)) {
|
||||||
if (!(response instanceof Response)) {
|
|
||||||
throw new Error('invalid response from fetch');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (response.status === 200) {
|
|
||||||
cache.put(event.request, response.clone());
|
cache.put(event.request, response.clone());
|
||||||
}
|
}
|
||||||
|
|
||||||
return response;
|
return response;
|
||||||
} catch (err) {
|
} catch (error) {
|
||||||
const response = await cache.match(event.request);
|
// If the network is unavailable, fall back to the cache.
|
||||||
|
const cachedResponse = await cache.match(event.request);
|
||||||
if (response) {
|
if (cachedResponse) {
|
||||||
return response;
|
return cachedResponse;
|
||||||
}
|
}
|
||||||
|
|
||||||
// if there's no cache, then just error out
|
|
||||||
// as there is nothing we can do to respond to this request
|
|
||||||
throw err;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return new Response('Not found', { status: 404 });
|
||||||
}
|
}
|
||||||
|
|
||||||
event.respondWith(respond());
|
event.respondWith(respond());
|
||||||
|
|||||||
Reference in New Issue
Block a user