fix(serviceworker): Enhance header security for cached resources in service worker

2025-02-06 21:13:53 +01:00
parent dd6babdf81
commit 3556594501
3 changed files with 16 additions and 1 deletions


@@ -174,6 +174,16 @@ export class CacheManager {
if (!headers.has('Access-Control-Allow-Headers')) {
headers.set('Access-Control-Allow-Headers', 'Content-Type');
}
// Set Cross-Origin-Resource-Policy
if (matchRequest.url.startsWith(this.losslessServiceWorkerRef.serviceWindowRef.location.origin)) {
// For same-origin resources
headers.set('Cross-Origin-Resource-Policy', 'same-origin');
} else {
// For cross-origin resources that we explicitly allow
headers.set('Cross-Origin-Resource-Policy', 'cross-origin');
}
// Prevent browser caching while allowing ServiceWorker caching.
headers.set('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
headers.set('Pragma', 'no-cache');
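Review bot: The same-origin test in the new Cross-Origin-Resource-Policy block is a string prefix match, so a URL whose host merely begins with the page origin's text (or the same host on a different port) is classified as same-origin; compare parsed origins instead, `new URL(matchRequest.url).origin === this.losslessServiceWorkerRef.serviceWindowRef.location.origin`. The `else` branch also sets `cross-origin` unconditionally, which replaces any stricter policy the upstream response carried, and no allowlist check backing the "explicitly allow" comment is visible in this hunk. Following the `headers.has` guard used for `Access-Control-Allow-Headers` just above, `if (!headers.has('Cross-Origin-Resource-Policy'))` would keep the upstream value. The enclosing method starts and ends outside the hunk, so an allowlist may be applied earlier.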