This application adds scripts to all pages in the boot method.
The script https://github.com/finally-coffee/nextcloud-pride-flags/blob/main/js/pride.js is as a result loaded even on login and public pages.
This script triggers a request to /apps/pride_flags/settings, which is not a public endpoint.
This will break login flow in some cases, because the forbidden request will kill the session.
Possible solutions:
- Use an initial state for settings instead
- Only register the script on private pages, that requires listening to
BeforeTemplateRenderedEvent, example: https://github.com/nextcloud/notifications/blob/master/lib/AppInfo/Application.php#L46 and https://github.com/nextcloud/notifications/blob/master/lib/Listener/BeforeTemplateRenderedListener.php#L45-L47
This application adds scripts to all pages in the
bootmethod.The script https://github.com/finally-coffee/nextcloud-pride-flags/blob/main/js/pride.js is as a result loaded even on login and public pages.
This script triggers a request to
/apps/pride_flags/settings, which is not a public endpoint.This will break login flow in some cases, because the forbidden request will kill the session.
Possible solutions:
BeforeTemplateRenderedEvent, example: https://github.com/nextcloud/notifications/blob/master/lib/AppInfo/Application.php#L46 and https://github.com/nextcloud/notifications/blob/master/lib/Listener/BeforeTemplateRenderedListener.php#L45-L47