ID | ||||||||||||
0053065 | ||||||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
defect | [Retail Modules] Web POS | minor | have not tried | 2023-07-26 13:10 | 2023-07-26 16:49 | |||||||
Reporter | caristu | View Status | public | |||||||||
Assigned To | Retail | |||||||||||
Priority | high | Resolution | open | Fixed in Version | ||||||||
Status | new | Fix in branch | Fixed in SCM revision | |||||||||
Projection | none | ETA | none | Target Version | ||||||||
OS | Any | Database | Any | Java version | ||||||||
Triggers an Emergency Pack | No | |||||||||||
Summary | 0053065: Scope of the service worker must be restricted | |||||||||||
Description | The scope defined for the service worker in enyo pos is '/' [1]. This means that the service worker has control over the entire origin (i.e., all pages and assets within the same domain as the service worker). This is not correct, as we only have to control the resources that affect the specific application (enyopos, awo, etc.).
[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/source/offline/ob-fetch-manifest.js#L174
Steps To Reproduce | One of the possible ways of checking that the scope is requesting more than it should:
0) Revert the change introduced here [1], which is a workaround to avoid this problem happening
1) In a new browser tab, open the main Openbravo login page
2) In a second browser tab, open the enyopos login page
3) Clear the browser's cache and refresh the enyopos login page. Note that the service worker is not only requesting resources for the enyopos, but is also requesting the login page of the backend (Security/Login URL).
[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/565
Tags | No tags attached. | |||||||||||
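
The scope rule behind this report, as an added example that is not part of the original issue or of the Openbravo code base: a service worker controls every same-origin page whose URL starts with the scope URL. The origin, paths and page list are constructed for illustration, and the helper names are hypothetical.

```javascript
// Added example, not Openbravo code. All URLs and paths below are constructed.
const ORIGIN = 'https://erp.example.test';       // hypothetical deployment origin
const POS_PAGE = `${ORIGIN}/openbravo/web/pos/`; // hypothetical page that registers the worker

// register(script, { scope }) resolves a relative scope against the registering page's URL.
function resolveScope(scope, pageUrl) {
  return new URL(scope, pageUrl).href;
}

// A page is controlled when it is same-origin and its URL string starts with
// the scope URL string. This is a plain string prefix, not a path-segment match.
function isControlled(clientUrl, scopeUrl) {
  const client = new URL(clientUrl);
  const scope = new URL(scopeUrl);
  return client.origin === scope.origin && client.href.startsWith(scope.href);
}

function controlledPages(scopeUrl, pages) {
  return pages.filter((page) => isControlled(page, scopeUrl));
}

const PAGES = [
  `${ORIGIN}/openbravo/security/Login`,            // backend login page
  `${ORIGIN}/openbravo/web/pos/`,                  // POS application entry
  `${ORIGIN}/openbravo/web/pos/login?terminal=T1`, // page inside the POS application
  `${ORIGIN}/openbravo/web/pos-admin/`,            // unrelated app with a similar prefix
];

const SCOPES = {
  wholeOrigin: resolveScope('/', POS_PAGE),   // the scope reported in this issue
  appOnly: resolveScope('./', POS_PAGE),      // restricted to the application directory
  noTrailingSlash: resolveScope('/openbravo/web/pos', POS_PAGE), // too loose: matches pos-admin
};

for (const [name, scope] of Object.entries(SCOPES)) {
  console.log(name, scope, controlledPages(scope, PAGES));
}
```

A restricted scope should end with a trailing slash, and browsers only accept a scope at or below the worker script's own directory unless the server sends a `Service-Worker-Allowed` header.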
Issue History | |||
Date Modified | Username | Field | Change |
2023-07-26 13:10 | caristu | New Issue | |
2023-07-26 13:10 | caristu | Assigned To | => Retail |
2023-07-26 13:10 | caristu | Triggers an Emergency Pack | => No |
2023-07-26 14:31 | caristu | Relationship added | related to 0052839 |
2023-07-26 16:48 | caristu | Steps to Reproduce Updated | View Revisions |
2023-07-26 16:49 | caristu | Steps to Reproduce Updated | View Revisions |