PWA: Prevent passing credentials to avoid redirection issues

For #4649
More of a patch around the issue for now.
Have opened #4656 to properly address.
This commit is contained in:
Dan Brown 2023-11-07 14:33:37 +00:00
parent 889b0dae3b
commit ea0469e61a
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
3 changed files with 7 additions and 4 deletions

View file

@ -6,6 +6,11 @@ class PwaManifestBuilder
{ {
public function build(): array public function build(): array
{ {
// Note, while we attempt to use the user's preference here, the request to the manifest
// does not start a session, so we won't have current user context.
// This was attempted but removed since manifest calls could affect user session
// history tracking and back redirection.
// Context: https://github.com/BookStackApp/BookStack/issues/4649
$darkMode = (bool) setting()->getForCurrentUser('dark-mode-enabled'); $darkMode = (bool) setting()->getForCurrentUser('dark-mode-enabled');
$appName = setting('app-name'); $appName = setting('app-name');

View file

@ -29,7 +29,7 @@
<link rel="icon" type="image/png" sizes="32x32" href="{{ setting('app-icon-32') ?: url('/icon-32.png') }}"> <link rel="icon" type="image/png" sizes="32x32" href="{{ setting('app-icon-32') ?: url('/icon-32.png') }}">
<!-- PWA --> <!-- PWA -->
<link rel="manifest" href="{{ url('/manifest.json') }}" crossorigin="use-credentials"> <link rel="manifest" href="{{ url('/manifest.json') }}">
<meta name="mobile-web-app-capable" content="yes"> <meta name="mobile-web-app-capable" content="yes">
@yield('head') @yield('head')

View file

@ -24,9 +24,7 @@ class PwaManifestTest extends TestCase
{ {
$html = $this->asViewer()->withHtml($this->get('/')); $html = $this->asViewer()->withHtml($this->get('/'));
// crossorigin attribute is required to send cookies with the manifest, $html->assertElementExists('head link[rel="manifest"][href$="manifest.json"]');
// so it can react correctly to user preferences (dark/light mode).
$html->assertElementExists('head link[rel="manifest"][href$="manifest.json"][crossorigin="use-credentials"]');
$html->assertElementExists('head meta[name="mobile-web-app-capable"][content="yes"]'); $html->assertElementExists('head meta[name="mobile-web-app-capable"][content="yes"]');
} }