diff --git a/client/model.go b/client/model.go index e92c9b10..57ec7a38 100644 --- a/client/model.go +++ b/client/model.go @@ -42,11 +42,11 @@ type User struct { DefaultHomePage string `json:"default_home_page"` CategoriesSortingOrder string `json:"categories_sorting_order"` MarkReadOnView bool `json:"mark_read_on_view"` - CacheForOffline bool `json:"cache_for_offline"` MediaPlaybackRate float64 `json:"media_playback_rate"` BlockFilterEntryRules string `json:"block_filter_entry_rules"` KeepFilterEntryRules string `json:"keep_filter_entry_rules"` ExternalFontHosts string `json:"external_font_hosts"` + CacheForOffline bool `json:"cache_for_offline"` } func (u User) String() string { diff --git a/internal/http/response/builder.go b/internal/http/response/builder.go index e2001a82..c3d554b9 100644 --- a/internal/http/response/builder.go +++ b/internal/http/response/builder.go @@ -100,7 +100,7 @@ func (b *Builder) Write() { func (b *Builder) writeHeaders() { b.headers["X-Content-Type-Options"] = "nosniff" b.headers["X-Frame-Options"] = "DENY" - b.headers["Referrer-Policy"] = "no-referrer" + b.headers["Referrer-Policy"] = "strict-origin" for key, value := range b.headers { b.w.Header().Set(key, value) diff --git a/internal/reader/sanitizer/sanitizer.go b/internal/reader/sanitizer/sanitizer.go index 23a59438..fd4a8892 100644 --- a/internal/reader/sanitizer/sanitizer.go +++ b/internal/reader/sanitizer/sanitizer.go @@ -241,7 +241,7 @@ func sanitizeAttributes(baseURL, tagName string, attributes []html.Attribute) ([ func getExtraAttributes(tagName string) ([]string, []string) { switch tagName { case "a": - return []string{"rel", "target", "referrerpolicy"}, []string{`rel="noopener noreferrer"`, `target="_blank"`, `referrerpolicy="no-referrer"`} + return []string{"rel", "target", "referrerpolicy"}, []string{`rel="noopener noreferrer"`, `target="_blank"`, `referrerpolicy="strict-origin"`} case "video", "audio": return []string{"controls"}, []string{"controls"} case "iframe": diff --git a/internal/template/templates/views/entry.html b/internal/template/templates/views/entry.html index 0d507a28..42a46cc6 100644 --- a/internal/template/templates/views/entry.html +++ b/internal/template/templates/views/entry.html @@ -4,7 +4,7 @@

- {{ .entry.Title }} + {{ .entry.Title }}

{{ if .user }}
@@ -79,7 +79,7 @@ class="page-link" target="_blank" rel="noopener noreferrer" - referrerpolicy="no-referrer" + referrerpolicy="strict-origin" data-original-link="{{ .user.MarkReadOnView }}">{{ icon "external-link" }}{{ t "entry.external_link.label" }}
  • @@ -98,7 +98,7 @@ title="{{ t "entry.comments.title" }}" target="_blank" rel="noopener noreferrer" - referrerpolicy="no-referrer" + referrerpolicy="strict-origin" data-comments-link="true" >{{ icon "comment" }}{{ t "entry.comments.label" }}
    • @@ -232,7 +232,7 @@ {{ end }}
    - {{ .URL | safeURL }} + {{ .URL | safeURL }} {{ if gt .Size 0 }} - {{ formatFileSize .Size }}{{ end }}
    diff --git a/internal/ui/static/js/service_worker.js b/internal/ui/static/js/service_worker.js index 95ea8905..7141bc9f 100644 --- a/internal/ui/static/js/service_worker.js +++ b/internal/ui/static/js/service_worker.js @@ -3,13 +3,24 @@ const OFFLINE_VERSION = 2; const CACHE_NAME = "offline"; +const cachedPages = [ + "/unread", + "/starred", + "/stylesheets", + "/app", + "/service-worker", + "/manifest.json", + "/feed/icon", + "/icon", +]; + self.addEventListener("install", (event) => { event.waitUntil( (async () => { const cache = await caches.open(CACHE_NAME); if (USE_CACHE) { - await cache.addAll(["/", "/unread", OFFLINE_URL]); + await cache.addAll(["/", "/unread", "/starred", OFFLINE_URL]); } else { // Setting {cache: 'reload'} in the new request will ensure that the // response isn't fulfilled from the HTTP cache; i.e., it will be from @@ -49,12 +60,20 @@ async function cacheFirstWithRefresh(request) { return networkResponse; }); - return (await cache.match(request)) || (await fetchResponsePromise); + try { + return (await cache.match(request)) || (await fetchResponsePromise); + } catch (error) { + const cache = await caches.open(CACHE_NAME); + return await cache.match(OFFLINE_URL); + } } self.addEventListener("fetch", (event) => { if (USE_CACHE) { - return event.respondWith(cacheFirstWithRefresh(event.request)); + const url = new URL(event.request.url); + if (cachedPages.some((page) => url.pathname.startsWith(page))) { + return event.respondWith(cacheFirstWithRefresh(event.request)); + } } // We proxify requests through fetch() only if we are offline because it's slower.