jeans/frontend
jeans/frontend
1
0
Fork 0
mirror of https://github.com/home-assistant/frontend.git synced 2025-07-27 19:26:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pass credentials (cookies e.g.) when loading JavaScript assets (#3259)

Browse Source 
The behavior of 'crossorigin' without a value is the same as
anonymous, which means user credentials such as cookies,
client-side SSL certificates or HTTP authentication will
not be passed on.

We want the preload links to work even when they are behind
a proxy that requires an authentication cookie, such as
Cloudflare Access (CF_Authorization), so we need to explicitly
send credentials with the "use-credentials" value.

ES modules are always fetched with CORS, with anonymous being
the default. Some browsers (Chromium) will realize that the
request is to the same origin, and send credentials anyways,
while others (Safari) will not, so we need to explicitly send
credentials to make sure they load in all cases.

See https://jakearchibald.com/2017/es-modules-in-browsers/
This commit is contained in:
Tor Arne Vestbø 2019-06-10 22:41:59 +02:00 committed by Paulus Schoutsen
parent 032ebce0bc
commit a396a4e666
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/html/authorize.html.template
View File

@ -2,7 +2,7 @@
<html lang="en">
<head>
<title>Home Assistant</title>
<link rel="preload" href="<%= latestPageJS %>" as="script" crossorigin />
<link rel="preload" href="<%= latestPageJS %>" as="script" crossorigin="use-credentials" />
<link
rel="preload"
href="/static/fonts/roboto/Roboto-Light.ttf"
@ -47,7 +47,7 @@
<%= renderTemplate('_js_base') %>
<script type="module">
<script type="module" crossorigin="use-credentials">
import "<%= latestPageJS %>";
import "<%= latestHassIconsJS %>";
window.providersPromise = fetch("/auth/providers", {

4
src/html/index.html.template
View File

@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="preload" href="<%= latestCoreJS %>" as="script" crossorigin />
<link rel="preload" href="<%= latestCoreJS %>" as="script" crossorigin="use-credentials" />
<link
rel="preload"
href="/static/fonts/roboto/Roboto-Regular.ttf"
@ -59,7 +59,7 @@
<%= renderTemplate('_js_base') %>
<script type="module">
<script type="module" crossorigin="use-credentials">
import "<%= latestCoreJS %>";
import "<%= latestAppJS %>";
import "<%= latestHassIconsJS %>";

4
src/html/onboarding.html.template
View File

@ -2,7 +2,7 @@
<html lang="en">
<head>
<title>Home Assistant</title>
<link rel="preload" href="<%= latestPageJS %>" as="script" crossorigin />
<link rel="preload" href="<%= latestPageJS %>" as="script" crossorigin="use-credentials" />
<link
rel="preload"
href="/static/fonts/roboto/Roboto-Light.ttf"
@ -49,7 +49,7 @@
<%= renderTemplate('_js_base') %>
<script type="module">
<script type="module" crossorigin="use-credentials">
import "<%= latestPageJS %>";
import "<%= latestHassIconsJS %>";
window.stepsPromise = fetch("/api/onboarding", {