npm - web-manager - Versions diffs - 3.0.2 → 3.0.5 - Mend

web-manager 3.0.2 → 3.0.5

Files changed (2) hide show

package/index.js +18 -6
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -287,10 +287,17 @@ function Manager() {
     }
   }
+  function _isValidRedirectUrl(This, url) {
+    var returnUrlObject = new URL(decodeURIComponent(url));
+    var currentUrlObject = new URL(window.location.href);
+    return returnUrlObject.host === currentUrlObject.host
+      || returnUrlObject.protocol === This.properties.global.app + ':'
+  }
   function _authHandle_in_normal(This, user) {
     var domLib = This.dom();
     var returnUrl = This.properties.page.queryString.get('auth_redirect');
-    if (returnUrl) {
+    if (returnUrl && _isValidRedirectUrl(This, returnUrl)) {
       window.location.href = decodeURIComponent(returnUrl);
       return;
     }
@@ -615,17 +622,22 @@ function Manager() {
           This.properties.global.brand.name = configuration.global.brand.name;
           This.properties.meta.environment = utilities.get(configuration, 'global.settings.debug.environment', This.properties.meta.environment);
+          // This.properties.global.cacheBreaker = This.properties.meta.environment === 'development'
+          //   ? new Date().getTime()
+          //   : This.properties.global.cacheBreaker;
           // This.log('Config: ', options_user);
           // parse query stringify
           This.properties.page.queryString = new URLSearchParams(window.location.search);
           var pageQueryString = This.properties.page.queryString
           var pagePathname = window.location.pathname;
-          if (pageQueryString.get('aff')) {
-            This.storage().set('auth.affiliateCode', pageQueryString.get('aff'));
+          var qsAff = pageQueryString.get('aff');
+          if (qsAff) {
+            This.storage().set('auth.affiliateCode', qsAff);
           }
-          if (pageQueryString.get('redirect')) {
-            window.location.href = decodeURIComponent(pageQueryString.get('redirect'));
+          var qsRedirect = pageQueryString.get('redirect');
+          if (qsRedirect && _isValidRedirectUrl(This, qsRedirect)) {
+            window.location.href = decodeURIComponent(qsRedirect);
             return;
           }
           var authRegex = /\/(signin|signup|forgot)\//;
@@ -1162,7 +1174,7 @@ function Manager() {
     if (!('serviceWorker' in navigator) || !(typeof firebase.messaging !== 'undefined')) {return}
     // service worker guide: https://developers.google.com/web/updates/2018/06/fresher-sw
-    navigator.serviceWorker.register('/' + (options_user.serviceWorker.path || 'master-service-worker.js') + '?config=' + encodeURIComponent(JSON.stringify({name: This.properties.global.brand.name, env: This.properties.meta.environment, v: This.properties.global.version, firebase: options_user.libraries.firebase_app.config})) )
+    navigator.serviceWorker.register('/' + (options_user.serviceWorker.path || 'master-service-worker.js') + '?config=' + encodeURIComponent(JSON.stringify({name: This.properties.global.brand.name, app: This.properties.global.app, env: This.properties.meta.environment, v: This.properties.global.version, cb: This.properties.global.cacheBreaker, firebase: options_user.libraries.firebase_app.config})) )
     .then(function (registration) {
       // firebase.messaging().useServiceWorker(registration);
       // console.log('----TEST registration', registration);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "web-manager",
-  "version": "3.0.2",
+  "version": "3.0.5",
   "description": "Easily access important variables such as the query string, current domain, and current page in a single object.",
   "main": "index.js",
   "scripts": {