Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Service Worker matching external top-level URLs #3191

Merged
merged 6 commits into from
Jun 11, 2021
Merged

Fix Service Worker matching external top-level URLs #3191

merged 6 commits into from
Jun 11, 2021

Conversation

millennialdeveloper
Copy link
Contributor

@millennialdeveloper millennialdeveloper commented May 25, 2021
edited by tjwiebell
Loading

Description

At the moment the Service Worker matches any external top-level path (e.g. https://any.external.domain.com/?query_params) as a home url, as isHomeRoute makes a mere string equality check against url.pathname. This makes it return the index template for any such request.

I stumbled upon these while trying to load the script for Zendesk Chat, whose URL has the form https://v2.zopim.com/?APP_KEY_HASH.

This commit introduces an additional check to make sure that the URL origin matches the service worker origin, too, just as it would happen when passing a RegExp (bc of additional assumptions of workbox on the use of RegExps that only make them match on local URLS)

Related Issue

Acceptance

Verification Stakeholders

Verification Steps

  • Run fetch('https://v2.zopim.com/?foo',{mode: 'no-cors'}).then(data => console.log(data)) in the console
  • Verify that the service work doesn't intercept the request

Specification

Resolved issues:

  1. resolves [Issue] Fix Service Worker matching external top-level URLs #3193: Fix Service Worker matching external top-level URLs

@millennialdeveloper
Fix Service Worker matching external top-level URLs
efe28fe 
At the moment the Service Worker matches any external top-level path (e.g. https://any.external.domain.com/?query_params) as a home url, as `isHomeRoute` makes a mere string equality check against `url.pathname`.

I stumbled upon these while trying to load the script for Zendesk Chat, whose URL has the form `https://v2.zopim.com/?APP_KEY_HASH`.

This commit introduces an additional check to make sure that the URL origin matches the service worker origin, too, just as it would happen when passing a `RegExp` (bc of additional assumptions of workbox on the use of `RegExp`s that only make them match on local URLS)
@sirugh
Copy link
Contributor

sirugh commented May 25, 2021

@magento create issue from PR

@m2-assistant m2-assistant bot mentioned this pull request May 25, 2021
Closed
@PWAStudioBot
Copy link
Contributor

PWAStudioBot commented May 25, 2021
edited
Loading

Messages
📖 DangerCI Failures related to missing labels/description/linked issues/etc will persist until the next push or next nightly build run (assuming they are fixed).
📖

Access a deployed version of this PR here. Make sure to wait for the "pwa-pull-request-deploy" job to complete.

Generated by 🚫 dangerJS against 7895d27

revanth0212
revanth0212 reviewed May 25, 2021
View reviewed changes
packages/venia-concept/src/ServiceWorker/registerRoutes.js
@@ -83,7 +83,7 @@ export default function() {
* and the cycle repeats.
*/
registerRoute(
({ url }) => isHTMLRoute(url),
({ url }) => url.origin === self.location.origin && isHTMLRoute(url),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this needed? The SW only has access to routes under the scope, in this case, the domain that launched it.

Copy link
Contributor Author

@millennialdeveloper millennialdeveloper May 25, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know about the whole service worker implementation in pwa-studio, but from here it seems that workbox may intercept external resources.

And without this change the script was loading through the service worker. The network tab showing it with a gear icon, and the response being the index template.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this needed? The SW only has access to routes under the scope, in this case, the domain that launched it.

@revanth0212 I think, based on the link provided, if you pass a regex it will only match against the sw domain, but in our case we are intercepting all urls in the callback function.

Additionally, based on the isHomeRoute function it seems like ANY url without sub-paths ie www.google.com or zopim.com would return true so the SW would return our index. And if there was a sub path that happened to match the store code like www.google.com/en_us it would also return true and therefor our index file.

So if an external asset (like zen desk's js) is fetched from root, or if a file is requested from a path that is the first level that matches our store code, it will hit this sw route.

    if (url.pathname === '/') {
        return true;
    }

    // If store code is in the url, the home route will be url.com/view_code.
    // A trailing / may or may not follow.
    if (process.env.USE_STORE_CODE_IN_URL === 'true') {
        return AVAILABLE_STORE_VIEWS.some(
            ({ code }) =>
                url.pathname === `/${code}/` || url.pathname === `/${code}`
        );
    }
};```

sirugh
sirugh previously approved these changes Jun 1, 2021
View reviewed changes
Copy link
Contributor

@sirugh sirugh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a valid fix for an issue that we're lucky to have not encountered before. Thank you for your contribution!

I will approve it, but I do wonder if we need to apply a similar pattern to this route that also just uses a callback instead of regex.

Additionally, if you are able to test the new path that would be cool. If not, please let us know so we can write the test before this gets merged.

@sirugh sirugh added the version: Patch This changeset includes backwards compatible bug fixes. label Jun 1, 2021
millennialdeveloper added a commit to millennialdeveloper/pwa-studio that referenced this pull request Jun 2, 2021
@millennialdeveloper
PR magento#3191: add tests
c95ef4f
@millennialdeveloper
Copy link
Contributor Author

@sirugh i have no experience writing tests and it will be too long before I have proper time to learn

@sirugh
Copy link
Contributor

sirugh commented Jun 3, 2021

No worries! I like to give people the opportunity but if it's not something you have time to do, we can absolutely handle that. I see you already gave it a shot which looks great :)

Thanks again for your time - we will take it from here.

@tjwiebell
Copy link
Contributor

QA Pass ✅

I am getting MFTF failures for CartPageEditProductAndCheckout, but it appears the PR instance is serving the stale commit. Passes on a local, so not going to hold this up.

@tjwiebell tjwiebell merged commit ba769e3 into magento:develop Jun 11, 2021
@sharkySharks sharkySharks mentioned this pull request Jul 7, 2023
Open
@sharkySharks sharkySharks mentioned this pull request Aug 31, 2023
Open
@sharkySharks sharkySharks mentioned this pull request Nov 28, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@revanth0212 revanth0212 revanth0212 left review comments

@sirugh sirugh sirugh approved these changes

Assignees

@sirugh sirugh

@revanth0212 revanth0212

Labels
pkg:venia-concept Progress: done version: Patch This changeset includes backwards compatible bug fixes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Issue] Fix Service Worker matching external top-level URLs
5 participants
@millennialdeveloper @sirugh @PWAStudioBot @tjwiebell @revanth0212