diff --git a/modules/backend/assets/js/auth/uninstall-sw.js b/modules/backend/assets/js/auth/uninstall-sw.js
new file mode 100644
index 000000000..eb48b3938
--- /dev/null
+++ b/modules/backend/assets/js/auth/uninstall-sw.js
@@ -0,0 +1,10 @@
+// Only run on HTTPS connections
+if (location.protocol === 'https:') {
+ // Unregister all service workers before signing in to prevent cache issues
+ navigator.serviceWorker.getRegistrations().then(
+ function(registrations) {
+ for (let registration of registrations) {
+ registration.unregister();
+ }
+ });
+}
\ No newline at end of file
diff --git a/modules/backend/controllers/Auth.php b/modules/backend/controllers/Auth.php
index 849a2675f..b8a38a0af 100644
--- a/modules/backend/controllers/Auth.php
+++ b/modules/backend/controllers/Auth.php
@@ -32,6 +32,26 @@ class Auth extends Controller
 public function __construct()
 {
 parent::__construct();
+
+ $this->middleware(function ($request, $next) {
+ $response = $next($request);
+ // Clear Cache and any previous data to fix Invalid security token issue, see github: #3707
+ $response->headers->set('Cache-Control', 'no-cache, no-store, must-revalidate');
+ return $response;
+ })->only('signin');
+
+ // Only run on HTTPS connections
+ if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") {
+ $this->middleware(function ($request, $next) {
+ $response = $next($request);
+ // Add HTTP Header 'Clear Site Data' to remove all Sensitive Data when signout, see github issue: #3707
+ $response->headers->set('Clear-Site-Data', 'cache, cookies, storage, executionContexts');
+ return $response;
+ })->only('signout');
+ }
+
+ // Add JS File to un-install SW to avoid Cookie Cache Issues when Signin, see github issue: #3707
+ $this->addJs(url("/modules/backend/assets/js/auth/uninstall-sw.js"));
 $this->layout = 'auth';
 }
 
@@ -212,4 +232,4 @@ class Auth extends Controller
 return Backend::redirect('backend/auth/signin');
 }
 
-}
+}
\ No newline at end of file
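Review bot: `navigator.serviceWorker` is not guaranteed to exist even on an https: page (browsers without service-worker support, and some browsing modes that hide the API), so the `getRegistrations()` call in the new file throws a TypeError and the script aborts; the protocol check should be extended to `if (location.protocol === 'https:' && 'serviceWorker' in navigator) {`. The per-registration `unregister()` promises and the outer `then` chain are also unobserved, so a rejected unregistration only appears as an unhandled-rejection console error; a trailing `.catch(function (err) { console.warn('service worker unregister failed', err); })` on the outer chain would make that failure visible without affecting sign-in.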
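Review bot: The HTTPS gate around the signout middleware tests `$_SERVER["HTTPS"] === "on"`, which is false behind a TLS-terminating proxy or load balancer (where HTTPS is unset and the scheme arrives only via a forwarded header) and on servers that populate the variable with a different non-empty value, so the `Clear-Site-Data` header is silently never sent in precisely the deployments where it is most wanted. The closure already receives the request, so the check belongs inside it using the framework request's proxy-aware helper: drop the outer `if` and wrap the header line as `if ($request->secure()) { $response->headers->set('Clear-Site-Data', 'cache, cookies, storage, executionContexts'); }`. Browsers only honour Clear-Site-Data on a secure connection in any case, so the inner check is a tidiness measure rather than a safety requirement. The `Cache-Control` middleware for signin does not have this problem since it is registered unconditionally.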