3.0.68

fix(cache-manager): Simplify cache control headers in cache manager
3.0.67
2025-02-07 12:55:48 +01:00 · 2025-02-07 12:55:47 +01:00 · 2025-02-06 21:13:54 +01:00 · 2025-02-06 21:13:53 +01:00
4 changed files with 23 additions and 6 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,15 @@
 # Changelog

+## 2025-02-07 - 3.0.68 - fix(cache-manager)
+Simplify cache control headers in cache manager
+
+- Removed unnecessary cache control headers while setting modern Cache-Control.
+
+## 2025-02-06 - 3.0.67 - fix(serviceworker)
+Enhance header security for cached resources in service worker
+
+- Added Cross-Origin-Resource-Policy header management for service worker cached resources.
+
 ## 2025-02-06 - 3.0.66 - fix(serviceworker)
 Improve error handling and logging in cache manager and update manager.

--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "@api.global/typedserver",
-  "version": "3.0.66",
+  "version": "3.0.68",
  "description": "A TypeScript-based project for easy serving of static files with support for live reloading, compression, and typed requests.",
  "type": "module",
  "exports": {
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@api.global/typedserver',
-  version: '3.0.66',
+  version: '3.0.68',
  description: 'A TypeScript-based project for easy serving of static files with support for live reloading, compression, and typed requests.'
 }
--- a/ts_web_serviceworker/classes.cachemanager.ts
+++ b/ts_web_serviceworker/classes.cachemanager.ts
@ -174,11 +174,18 @@ export class CacheManager {
              if (!headers.has('Access-Control-Allow-Headers')) {
                headers.set('Access-Control-Allow-Headers', 'Content-Type');
              }
-              // Prevent browser caching while allowing ServiceWorker caching.
+              
+              // Set Cross-Origin-Resource-Policy
+              if (matchRequest.url.startsWith(this.losslessServiceWorkerRef.serviceWindowRef.location.origin)) {
+                // For same-origin resources
+                headers.set('Cross-Origin-Resource-Policy', 'same-origin');
+              } else {
+                // For cross-origin resources that we explicitly allow
+                headers.set('Cross-Origin-Resource-Policy', 'cross-origin');
+              }
+
+              // Set caching headers - use modern Cache-Control only
              headers.set('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
-              headers.set('Pragma', 'no-cache');
-              headers.set('Expires', '0');
-              headers.set('Surrogate-Control', 'no-store');

              // IMPORTANT: Read the full response body as a blob to avoid issues (e.g., Safari locked streams).
              const bodyBlob = await responseToPutToCache.blob();
Author	SHA1	Message	Date
Philipp Kunz	b3726cb518	3.0.68	2025-02-07 12:55:48 +01:00
Philipp Kunz	ec6754be52	fix(cache-manager): Simplify cache control headers in cache manager	2025-02-07 12:55:47 +01:00
Philipp Kunz	1ced20c887	3.0.67	2025-02-06 21:13:54 +01:00
Philipp Kunz	3556594501	fix(serviceworker): Enhance header security for cached resources in service worker	2025-02-06 21:13:53 +01:00