Fix #171: SW navigation interception caused window-in-window after core update#175
Merged
Merged
Conversation
The PWA service worker intercepted every same-origin wp-admin navigation, including iframe loads, by calling `event.respondWith( fetch( req ) )`. Chrome rewrites `Sec-Fetch-Dest` from `iframe` to `empty` when a service worker forwards a navigation that way, so the Sec-Fetch fallback in `desktop_mode_is_chromeless_request()` could not recognise the request as iframe-bound. The plain-admin to portal redirect then fired inside the chromeless iframe and rendered the entire desktop shell inside an existing window. The user-visible trigger was Dashboard, Updates, Update to latest 7.1 nightly: WP core finishes the upgrade with `window.location = about.php?updated` from inside the iframe, hitting exactly that path. Limit the SW navigation handler to top-level navigations (`req.destination === 'document'`). Iframe navigations pass through to the browser, which keeps `Sec-Fetch-Dest: iframe` intact, so the chromeless detection works and no portal redirect fires. The offline fallback is unaffected because it is meaningful only for the top-level desktop shell page.
✅ WordPress Plugin Check Report
📊 ReportAll checks passed! No errors or warnings found. 🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
event.respondWith( fetch( req ) )for an iframe load, Chrome forwarded the request withSec-Fetch-Dest: emptyinstead ofiframe. The Sec-Fetch fallback indesktop_mode_is_chromeless_request()only matchesiframe, so the plain-admin to portal redirect fired inside the iframe and rendered the desktop shell on top of itself.window.location = about.php?updatedfrom inside the iframe, exercising exactly that path. Any same-origin iframe navigation that lost thedesktop_mode_chromeless=1flag would hit the same bug.req.destination === 'document'). The offline fallback is meaningful only for the top-level desktop shell page, so iframe-targeted offline support was not lost.Before
After clicking Update to latest 7.1 nightly:
Visible result: a second WP admin chrome bar and a second WP Updates window rendered inside the original window.
After
The About WordPress page loads cleanly inside the existing WP Updates window.
How to verify
wp-admin/update-core.phpinside Desktop Mode (running against a dev/nightly WP install).Test plan
/desktop-mode/offline)npm run lint./node_modules/.bin/tsc --noEmitnpm run test:js(131 files, 1115 tests pass)Fixes #171