Service Worker caches admin toolbar and contextual links

I notice this too as it caches the html that's rendered to an admin on D8. But it only effects admin users who have access to admin toolbar and usually resets on a page refresh when back online.

Are we walking about public pages that have admin-enabled portions? Short-term workaround: consider removing the access_pwa permission for admins. As it is designed at the moment, the PWA is only intended for and tested against anonymous visitors. Caching for authenticated users is another challenge.

If you have any thoughts regarding how we can intelligently cache this for a logged-in user we'd be open to discuss how that can be solved. Over the years we have discussed it a few times and it's unfortunately not obvious to me how we solve it.

The fetch event listener does not have to work solely on the basis of URL path. Perhaps if Drupal core outputs another reliable signal on every request to a logged-in user we could partition the cache based on that aspect of the HTTP responses.

This would be the conditional to alter. We're doing a very simple check for response.ok but it could be anything.

https://git.drupalcode.org/project/pwa/blob/b343f48e2404bfc1169879c91a7b...

I took a look around the one D8 site I had at my disposal and noticed that on pages with the toolbar, I get a Cache-Control Header that seems like it could be useful:

# anonymous traffic
Cache-Control: max-age=900, public

# user/1 looks at same page
Cache-Control: no-cache, no-store, must-revalidate

At first glance, it seems like a reliable signal we could make use of. As long as it comes from core, I'd be open to integrating it into the SW network strategy functions.

Thanks for the suggestion rupl, I need to take a look at the D7 version again and see how it's handling the `access_pwa` permission to the SW, your solution should solve this issue of caching anonymous pages for admin the role.

To your other point, maybe the caching for authenticated users could be done like, #3060726: Add support for a second service worker.

This is not really the same as the above issue posted. But it addresses the broader question of caching for authenticated users, a common use-case.

took care of it in the 7.x-2.x branch by sending a clear-site-data header on user logout.

Could work like this in 8.x-1.x branch ...

Less elegant in D8 :p

But object oriented. :P

Unable to reproduce problem:

- Install and enable PWA 1.4
- Config PWA: Urls to cache: "/"
- View homepage as User 1
- Logout via NAV link
- Turn off network in Chrome 88 DevTools
- See standard homepage with "Login link"
- Refresh page and see same
- Clicking "Login" displays offline page
- Attempt to "search" displays offline page

Am I missing something?

OK ... can reproduce. I needed to create a new node first.

- Install and enable PWA 1.4
- Config PWA: Urls to cache: "/"
- Create article content: 'node/1'
- View page: 'node/1'
- Logout out
- Turn off network
- Visit: 'node/1'
- 🐛 Displays "admin" version of page with admin_toolbar and edit/delete/revision tabs.

Patch #8 fails. Need to remove "PWAController" reference.

Checking patch pwa.module...
error: while searching for:
 * PWA hooks.
 */
use Drupal\Core\Url;
use Drupal\pwa\Controller\PWAController;


error: patch failed: pwa.module:5
error: pwa.module: patch does not apply

One addition I'd recommend to the patch in #8 is to implement hook_user_logout() to ensure other methods of logging out a user also cause the header to be sent, e.g. an admin action or via Drush. Of course, this now means that you can't guarantee that the current user is the one being logged out, so you'd have to queue this somehow to be sent the next time the logged out user's Service Worker is online and send it then.

@AlexBorsody Um, looks like the actual patch file got committed in that last merge request. Very meta, but I suspect it wasn't intentional, so opening another merge request to delete it.

@AlexBorsody, @nod_ and @Daniel Kulbe sadly seems this caused a regression: #3279305: Log in / log out problems in Chrome

Could you perhaps have a short look at #3279305: Log in / log out problems in Chrome if you have an idea?

Sending the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data causes login / logout issues in Chrome.