Return null in getCacheToUseIfEnabled when the protocol is not https (#24012)

Addresses #23082 
If the page is served over http, the cache is assumed to be compromised; this can happen when the page first loads over http before the https redirect.
Josh Dadak 2020-07-16 18:59:39 +01:00 committed by GitHub
parent cf77999a3b
commit b8261dfe9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions

File diff suppressed because one or more lines are too long


@ -165,6 +165,12 @@ async function getCacheToUseIfEnabled(bootConfig: BootJsonData): Promise<Cache |
return null;
}
// cache integrity is compromised if the first request has been served over http
// in this case, we want to disable caching and integrity validation
if (document.location.protocol !== 'https:') {
return null;
}
// Define a separate cache for each base href, so we're isolated from any other
// Blazor application running on the same origin. We need this so that we're free
// to purge from the cache anything we're not using and don't let it keep growing,
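Review bot: The added comment says caching "and integrity validation" are disabled over http, but the only effect visible in the new `if (document.location.protocol !== 'https:')` branch is that getCacheToUseIfEnabled returns null, so the cache is skipped. Whether integrity checks are also skipped depends on callers outside this hunk, so the comment should state only what the branch does, for example `// Over plain http the response may have been modified in transit, so never read from or populate the cache here.` The branch is also silent; if the deployment expects HTTPS everywhere, a one-time `console.warn` here would make an http first load visible to whoever operates the site instead of showing up only as uncached loads. The function body starts before and continues after the hunk.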