Return null in getCacheToUseIfEnabled when the protocol is not https (#24012)
Addresses #23082 If served over http the cache is assumed compromised, this can happen when the page first loads over http before the https redirect.
This commit is contained in:
parent
cf77999a3b
commit
b8261dfe9d
File diff suppressed because one or more lines are too long
|
|
@ -165,6 +165,12 @@ async function getCacheToUseIfEnabled(bootConfig: BootJsonData): Promise<Cache |
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// cache integrity is compromised if the first request has been served over http
|
||||||
|
// in this case, we want to disable caching and integrity validation
|
||||||
|
if (document.location.protocol !== 'https:') {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
// Define a separate cache for each base href, so we're isolated from any other
|
// Define a separate cache for each base href, so we're isolated from any other
|
||||||
// Blazor application running on the same origin. We need this so that we're free
|
// Blazor application running on the same origin. We need this so that we're free
|
||||||
// to purge from the cache anything we're not using and don't let it keep growing,
|
// to purge from the cache anything we're not using and don't let it keep growing,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue