Add a version hash for asset loading to prevent browser's cache issue

The hash is generated using the same salt as the one used for credentials (1 salt per instance)  in order to avoid exposing the instance version.

Fixes #965
This commit is contained in:
ArthurHoaro 2017-10-01 11:02:48 +02:00
parent a59bbf50d7
commit bfe4f536bb
4 changed files with 30 additions and 10 deletions

View file

@ -220,4 +220,19 @@ public static function checkResourcePermissions($conf)
return $errors; return $errors;
} }
/**
* Returns a salted hash representing the current Shaarli version.
*
* Useful for assets browser cache.
*
* @param string $currentVersion of Shaarli
* @param string $salt User personal salt, also used for the authentication
*
* @return string version hash
*/
public static function getVersionHash($currentVersion, $salt)
{
return hash_hmac('sha256', $currentVersion, $salt);
}
} }

View file

@ -76,6 +76,10 @@ private function initialize()
$this->tpl->assign('searchcrits', $searchcrits); $this->tpl->assign('searchcrits', $searchcrits);
$this->tpl->assign('source', index_url($_SERVER)); $this->tpl->assign('source', index_url($_SERVER));
$this->tpl->assign('version', shaarli_version); $this->tpl->assign('version', shaarli_version);
$this->tpl->assign(
'version_hash',
ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt'))
);
$this->tpl->assign('scripturl', index_url($_SERVER)); $this->tpl->assign('scripturl', index_url($_SERVER));
$this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links? $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links?
$this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly'])); $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly']));
@ -89,6 +93,7 @@ private function initialize()
$this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss'); $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss');
$this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false)); $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false));
$this->tpl->assign('token', getToken($this->conf)); $this->tpl->assign('token', getToken($this->conf));
if ($this->linkDB !== null) { if ($this->linkDB !== null) {
$this->tpl->assign('tags', $this->linkDB->linksCountPerTag()); $this->tpl->assign('tags', $this->linkDB->linksCountPerTag());
} }

View file

@ -5,16 +5,16 @@
<link rel="alternate" type="application/atom+xml" href="{$feedurl}?do=atom{$searchcrits}#" title="ATOM Feed" /> <link rel="alternate" type="application/atom+xml" href="{$feedurl}?do=atom{$searchcrits}#" title="ATOM Feed" />
<link rel="alternate" type="application/rss+xml" href="{$feedurl}?do=rss{$searchcrits}#" title="RSS Feed" /> <link rel="alternate" type="application/rss+xml" href="{$feedurl}?do=rss{$searchcrits}#" title="RSS Feed" />
<link href="img/favicon.png" rel="shortcut icon" type="image/png" /> <link href="img/favicon.png" rel="shortcut icon" type="image/png" />
<link type="text/css" rel="stylesheet" href="css/pure.min.css" /> <link type="text/css" rel="stylesheet" href="css/pure.min.css?v={$version_hash}" />
<link type="text/css" rel="stylesheet" href="css/grids-responsive.min.css"> <link type="text/css" rel="stylesheet" href="css/grids-responsive.min.css?v={$version_hash}">
<link type="text/css" rel="stylesheet" href="css/pure-extras.css"> <link type="text/css" rel="stylesheet" href="css/pure-extras.css?v={$version_hash}">
<link type="text/css" rel="stylesheet" href="css/font-awesome.min.css" /> <link type="text/css" rel="stylesheet" href="css/font-awesome.min.css?v={$version_hash}" />
<link type="text/css" rel="stylesheet" href="inc/awesomplete.css#" /> <link type="text/css" rel="stylesheet" href="inc/awesomplete.css?v={$version_hash}#" />
<link type="text/css" rel="stylesheet" href="css/shaarli.css" /> <link type="text/css" rel="stylesheet" href="css/shaarli.css?v={$version_hash}" />
{if="is_file('data/user.css')"} {if="is_file('data/user.css')"}
<link type="text/css" rel="stylesheet" href="data/user.css#" /> <link type="text/css" rel="stylesheet" href="data/user.css#" />
{/if} {/if}
{loop="$plugins_includes.css_files"} {loop="$plugins_includes.css_files"}
<link type="text/css" rel="stylesheet" href="{$value}#"/> <link type="text/css" rel="stylesheet" href="{$value}?v={$version_hash}#"/>
{/loop} {/loop}
<link rel="search" type="application/opensearchdescription+xml" href="?do=opensearch#" title="Shaarli search - {$shaarlititle}"/> <link rel="search" type="application/opensearchdescription+xml" href="?do=opensearch#" title="Shaarli search - {$shaarlititle}"/>

View file

@ -27,6 +27,6 @@
<script src="{$value}#"></script> <script src="{$value}#"></script>
{/loop} {/loop}
<script src="js/shaarli.js"></script> <script src="js/shaarli.js?v={$version_hash}"></script>
<script src="inc/awesomplete.js#"></script> <script src="inc/awesomplete.js?v={$version_hash}#"></script>
<script src="inc/awesomplete-multiple-tags.js#"></script> <script src="inc/awesomplete-multiple-tags.js?v={$version_hash}#"></script>