FIX: Remove all service workers from Apple devices *again*

FIX: Remove all service workers from Apple devices again

There is a bug that when Safari starts up, and reloads the tabs from the previous session and there is a service worker registered for the scope of the document, all cookies marked as SameSite=Lax won’t be sent in the request.

This puts Discourse in a very broken state, where:

  • You appear as a anon user
  • Subsequent xhr requests will come with logged in data
  • Refreshing doesn’t log you in (cookies are still not sent)
  • Clicking on the address bar and hitting enter, will log you in (as it will finally send those damn SameSite=Lax cookies.

Looks a lot like a corner case missed by the fix at Changeset 241918 – WebKit

diff --git a/app/assets/javascripts/discourse/initializers/register-service-worker.js.es6 b/app/assets/javascripts/discourse/initializers/register-service-worker.js.es6
index 92ae988..b78044e 100644
--- a/app/assets/javascripts/discourse/initializers/register-service-worker.js.es6
+++ b/app/assets/javascripts/discourse/initializers/register-service-worker.js.es6
@@ -9,7 +9,9 @@ export default {
     const isSupported = isSecured && "serviceWorker" in navigator;
 
     if (isSupported) {
-      if (Discourse.ServiceWorkerURL) {
+      const isApple = !!navigator.platform.match(/(Mac|iPhone|iPod|iPad)/i);
+
+      if (Discourse.ServiceWorkerURL && !isApple) {
         navigator.serviceWorker.getRegistrations().then(registrations => {
           for (let registration of registrations) {
             if (

GitHub sha: 2a0cd066

2 Likes

@Falco what do you think about switching the isApple check here to:

const isApple = !!navigator.vendor.match(/Apple/i);

This would allow service workers on non-Safari browsers in Macs to work, but still disable service workers for iOS browsers (including Chrome).

1 Like

Sounds like a good idea! Maybe we should match Safari?

2 Likes

This should do it, check it out please:

2 Likes