-
Notifications
You must be signed in to change notification settings - Fork 24.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ServiceWorker doesn't update index.html
when headers (e.g. CSP) change
#37390
Comments
Thx for reporting this, @wibimaster. Can you please clarify what you mean by "Let the service worker trying to do a cache burst"? |
@gkalpak I write a loop following the documentation to call this every five seconds, for testing purpose ;)
|
I see. In that case, the SW will not re-request the files and get the new headers. Since we are talking about hashed asset requests (i.e. requests for files that exist at build time, not some dynamically generated API request), the SW only cares about their content. Among other reasons, it is because it uses the content hash to ensure that a specific file version corresponds to an app version (as specified in the corresponding What is your usecase? Why do you care about headers of static assets? |
My specific use case is about CSP headers ; if I change them because of a bug, too strict, or whatever, the application is locked in a bad state... Not all static assets are concerned : mainly "index.html" because it loads main javascript files. |
index.html
when headers (e.g. CSP) change
Oh, I see. That sounds like a valid usecase indeed. If it's only about In the meantime, a work-around for |
@gkalpak Just want to bring this back up as a possible thing to address. We are hitting the same issue, I'm guessing as CSP becomes more standard this issue is going to become more problematic. There is another ticket #37631 which is closely related. Overall focusing on proper CSP support and documentation may be a good thing. |
Can someone confirm that this is only about ngsw.json > index or whether other resources are affected as well? Also, does anyone happen to know how other SW implementation (such as Workbox) handle this (if at all)? |
@gkalpak I'm having a same issue as well. My use case is similar. I have an Angular web app that uses Angular Service Worker. I then have the needs to add some CSP headers (to allow our web to download some images from a new source) to our web server configuration (in our case it's IIS). However the service worker won't pick up the newly added CSP headers unless we manually unregister the service worker or clear our browser cache (which we unfortunately cannot ask our end users to do). This creates a broken state because our application needs to download some additional images but were restricted in the old CSP headers. If I bypass the service worker by checking the "Bypass Service Worker" checkbox in Chrome Dev Tools -> Application -> Service Worker, then everything works. My current workaround is during build process I copy the ngsw-worker.js into ngsw-worker-v2.js and copy safety-worker.js into ngsw-worker.js. And in our app.module.ts we just register "./ngsw-worker-v2.js". This would allow the browsers to unregister old service workers and register new service workers which at that point refresh all the CSP headers. However it is a workaround so it's not ideal I think. |
@anhhnguyen206, does the workaround mentioned in #37390 (comment) work for you? |
@gkalpak I tried that and it didn't work. I confirmed the hash for index.html is also different. |
@gkalpak and @anhhnguyen206 I have a theory but it might be due to my misunderstanding of how service workers function. The CSP headers need to be located on the file that makes the calls correct? If so, one concern I have is the ngsw-worker.js file itself. If the service worker makes a fetch then it will violate the connect-src policy if the headers returned on the ngsw-worker.js file are old. So you ask yourself when will the ngsw-worker.js update? I don't know :) I'm guessing that code does not change often and it is not part of the ngsw.json manifest. Could this be part of the issue? |
@anhhnguyen206: (It is also possible that you have not configured the SW correctly wrt CSP headers. See below for some references that might help 👇) @dsm0880: Also #31330 has some info (and links to more resources) explaining how CSP headers must be configured for the SW script intself (in order to be able to serve CSP-restricted resources from the page). I'm afraid, in order to be able to make any progress on this, we'll need:
|
In those cases, it's often best to create a GitHub repository and put the reproduction steps and details in the README. |
Are there are any updates on this? I also experienced similar issue. In my case I generate random CSP dynamically at server level for each It would be nice if service worker could update cached |
I haven't seen any updates since my last comment #37390 (comment) 😉 If you want to hit the server on each navigation request, you can use the navigationRequestStrategy configuration option, @ahimik. |
I'm currently experiencing the same problem. |
Same problem here too |
Definitely still an issue |
Still an issue |
🐞 bug report
Affected Package
The issue is caused by package @angular/service-worker:9.1.7
Is this a regression?
Nope, seems to always been there
Description
Supposition: It seems that the service worker use body response only to generate its hash, corresponding to versioned resources ; update some headers server side doesn't update these hashes and resources are served with old headers.
🔬 Minimal Reproduction
When deploying Angular application with service-worker (default configuration):
add_header X-OneThing "hello there"
Sorry but cannot do a stackblitz with that :/
🔥 Exception or Error
None
🌍 Your Environment
Angular Version:
The text was updated successfully, but these errors were encountered: