0053065: Scope of the service worker must be restricted

Openbravo Issue Tracking System - Retail Modules

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0053065

Retail Modules

Web POS

public

2023-07-26 13:10

2023-07-26 16:49

Reporter

caristu

Assigned To

Retail

Priority

high

Severity

minor

Reproducibility

have not tried

Status

new

Resolution

open

Platform

OS Version

Product Version

Target Version

Fixed in Version

Merge Request Status

Review Assigned To

OBNetwork customer

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0053065: Scope of the service worker must be restricted

Description

The scope defined for the service worker in enyo pos is '/'[1]. This means that
the service worker has control over the entire origin (i.e., all pages and assets within the same domain as the service worker). This is not correct as we only have to control the resources that affect to the specific application (enyopos, awo etc.)

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/source/offline/ob-fetch-manifest.js#L174 [^]

Steps To Reproduce

One of the possible ways of checking that the scope is requesting more than it should:

0) Revert the change introduced here[1], which is a workaround to avoid this problem happen
1) In a new browser tab, open main Openbravo login page
2) In a second browser tab, open the enyopos login page
3) Clear the browsers cache, and refresh the enyopos login page, note that the service worker is not only requesting resources for the enyopos, but also it is requesting the login page of the backend (Security/Login URL).

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/565 [^]

Proposed Solution

Additional Information