opensource/filestash
1
0
Fork 0
mirror of https://github.com/mickael-kerjean/filestash.git synced 2025-11-03 21:17:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore (iframe): cross cookie cleanup

Browse Source
This commit is contained in:
MickaelK
2024-09-10 21:31:02 +10:00
parent c15899c934
commit 9baf4b0f74
4 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
public/assets/boot/ctrl_boot_frontoffice.js
View File

@ -15,6 +15,7 @@ export default async function main() {
setup_blue_death_screen(), setup_blue_death_screen(),
setup_history(), setup_history(),
setup_polyfill(), setup_polyfill(),
setup_iframe(),
]); ]);
await Promise.all([ // procedure with dependency on config await Promise.all([ // procedure with dependency on config
@ -106,3 +107,22 @@ async function setup_polyfill() {
await loadJS(import.meta.url, "../lib/polyfill.js"); await loadJS(import.meta.url, "../lib/polyfill.js");
} }
} }
// In safari and duck duck go browser, cross domain iframe cannot inject cookies,
// see https://support.apple.com/en-au/guide/safari/sfri40732/mac
// hopefully one day, they provide support for partitioned cookie and we can remove this code
// but until that happens we had to find a way to inject authorisation within ../lib/ajax.js
async function setup_iframe() {
if (window.self === window.top) return;
window.addEventListener("pagechange", async() => {
if (location.hash === "") return; // happy path
const token = new URLSearchParams(location.hash.replace(new RegExp("^#"), "?")).get("bearer");
if (token) window.BEARER_TOKEN = token;
if (location.pathname === toHref("/logout")) {
delete window.BEARER_TOKEN;
}
});
}

2
public/assets/pages/connectpage/ctrl_form.js
View File

@ -199,7 +199,7 @@ export default async function(render) {
rxjs.tap(() => toggleLoader(true)), rxjs.tap(() => toggleLoader(true)),
rxjs.mergeMap(() => createSession(formData)), rxjs.mergeMap(() => createSession(formData)),
rxjs.tap(({ responseJSON, responseHeaders }) => { rxjs.tap(({ responseJSON, responseHeaders }) => {
if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // fix https://support.apple.com/en-au/guide/safari/sfri40732/mac if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // see ctrl_boot_frontoffice.js -> setup_iframe
let redirectURL = toHref("/files/"); let redirectURL = toHref("/files/");
const GET = getURLParams(); const GET = getURLParams();
if (GET["next"]) redirectURL = GET["next"]; if (GET["next"]) redirectURL = GET["next"];

2
public/assets/pages/ctrl_homepage.js
View File

@ -24,8 +24,6 @@ export default function(render) {
} }
// feature2: redirect user where it makes most sense // feature2: redirect user where it makes most sense
const token = new URLSearchParams(location.hash.replace(new RegExp("^#"), "?")).get("bearer");
if (token) window.BEARER_TOKEN = token;
effect(getSession().pipe( effect(getSession().pipe(
rxjs.catchError((err) => { rxjs.catchError((err) => {
if (err instanceof AjaxError && err.err().status === 401) { if (err instanceof AjaxError && err.err().status === 401) {

1
public/assets/pages/ctrl_logout.js
View File

@ -13,7 +13,6 @@ export default function(render) {
effect(deleteSession().pipe( effect(deleteSession().pipe(
rxjs.mergeMap(setup_config), rxjs.mergeMap(setup_config),
rxjs.tap(() => { rxjs.tap(() => {
delete window.BEARER_TOKEN;
window.CONFIG["logout"] ? location.href = window.CONFIG["logout"] : navigate(toHref("/")) window.CONFIG["logout"] ? location.href = window.CONFIG["logout"] : navigate(toHref("/"))
}), }),
rxjs.catchError(ctrlError(render)), rxjs.catchError(ctrlError(render)),