From 2a53c35df7205898e6c8beec7c460ef16b837bf9 Mon Sep 17 00:00:00 2001 From: bobsfriend12 Date: Wed, 20 Sep 2023 19:45:14 -0500 Subject: [PATCH 1/3] fix service worker security issue --- .../static/assets/js/shared/service-worker.js | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/app/frontend/static/assets/js/shared/service-worker.js b/app/frontend/static/assets/js/shared/service-worker.js index 2fdbf708..8616d5d4 100644 --- a/app/frontend/static/assets/js/shared/service-worker.js +++ b/app/frontend/static/assets/js/shared/service-worker.js @@ -6,14 +6,18 @@ importScripts( const CACHE = "crafty-controller"; +//This service worker is basically just here to make browsers +//accept the PWA. It's not doing much anymore + // TODO: replace the following with the correct offline fallback page i.e.: const offlineFallbackPage = "offline.html"; const offlineFallbackPage = "/offline"; -self.addEventListener("message", (event) => { - if (event.data && event.data.type === "SKIP_WAITING") { - self.skipWaiting(); - } -}); +// self.addEventListener("message", (event) => { +// console.log(event.data); +// if (event.data && event.data.type === "SKIP_WAITING") { +// self.skipWaiting(); +// } +// }); if (workbox.navigationPreload.isSupported()) { workbox.navigationPreload.enable(); From a02f42b0a6c272f21066977bf0547958bab63690 Mon Sep 17 00:00:00 2001 From: bobsfriend12 Date: Wed, 20 Sep 2023 19:50:30 -0500 Subject: [PATCH 2/3] remove unecesarry code from service worker --- .../static/assets/js/shared/service-worker.js | 31 ------------------- 1 file changed, 31 deletions(-) diff --git a/app/frontend/static/assets/js/shared/service-worker.js b/app/frontend/static/assets/js/shared/service-worker.js index 8616d5d4..4d3eac9e 100644 --- a/app/frontend/static/assets/js/shared/service-worker.js +++ b/app/frontend/static/assets/js/shared/service-worker.js @@ -9,37 +9,6 @@ const CACHE = "crafty-controller"; //This service worker is basically just here to make browsers //accept the PWA. It's not doing much anymore -// TODO: replace the following with the correct offline fallback page i.e.: const offlineFallbackPage = "offline.html"; -const offlineFallbackPage = "/offline"; - -// self.addEventListener("message", (event) => { -// console.log(event.data); -// if (event.data && event.data.type === "SKIP_WAITING") { -// self.skipWaiting(); -// } -// }); - if (workbox.navigationPreload.isSupported()) { workbox.navigationPreload.enable(); } - -// self.addEventListener('fetch', (event) => { -// if (event.request.mode === 'navigate') { -// event.respondWith((async () => { -// try { -// const preloadResp = await event.preloadResponse; - -// if (preloadResp) { -// return preloadResp; -// } -// const networkResp = await fetch(event.request); -// return networkResp; -// } catch (error) { - -// const cache = await caches.open(CACHE); -// const cachedResp = await cache.match(offlineFallbackPage); -// return cachedResp; -// } -// })()); -// } -// }); From 828996eec647155851943366fd24c83a9f9ce7b3 Mon Sep 17 00:00:00 2001 From: Zedifus Date: Thu, 21 Sep 2023 23:25:57 +0100 Subject: [PATCH 3/3] Update changelog !631 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 031e2b9b..ee86b2be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ - Bump crypto to resolve #267 & #268 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/622)) - Fix select installs failing to start, returning missing python package `packaging` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/629)) - Fix public status page not updating #255 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/615)) +- Fix service worker vulrn and CQ raised by SonarQ ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/631)) ### Refactor - Consolidate remaining frontend functions into API V2, and remove ajax internal API ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/585)) - Replace bleach with nh3 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/628))