Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Service Workers Invalid security token and Clear Site Data HTTP Heade…
…r (#4088) If a website has a Service Worker installed it would load and register before a User tries to login to the backend causing a "Invalid security token" message. This PR unregisters any installed Service Worker when a User opens the backend Signin webpage. I have also added the NEW Security Headers to add Protection to October's Cache and Cookies. This includes two new Middleware that first clears any bad cached data before a User tries to login and the second Middleware will clear all the sensitive User Data when a User signs out of the Backend. For more info on the new Security Header 'Clear Site Data' you can see the spec found here: https://www.w3.org/TR/clear-site-data/ Fixes #4076, fixes #3707.
- Loading branch information