Skip to content

v1.0.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 01 Nov 18:39
1.0.0
0153083
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

1.0.0 (2024-11-01)

⚠ BREAKING CHANGES

The portal will now store authorization tokens in memory (previously localStorage) by default. This change underlines our commitment to providing a "secure by default" implementation.

How is In-Memory Storage More Secure?

When using our GitHub Template Repository to create a portal, your portal is automatically configured to deploy to GitHub Pages. Without a custom domain configuration, your application will be deployed to {username}.github.io/{repository-name}. Due to the same origin access policies of localStorage this means any application you1 deploy to GitHub pages would have access to items placed in localStorage by the portal. We believe this default behavior is the less secure option and can lead to unexpected behavior based on your GitHub account usage.

Explaining the Breaking Change

With this new default, the end-user experience around authorization will change to requiring users to authenticate when the portal's browser window is closed. Due to the nature of this change we have flagged this change as a "breaking change", resulting in a major version bump. While we do believe most users should update without making changes to their static.json file, we have included the ability to opt-in to the previous behavior of storing authorization information in localStorage. Before enabling this functionality, we recommend being aware of security best practices related to localStorage, using a custom domain for your portal to better lock down origin access, or having policies in place to avoid unintended access when using the default GitHub Pages domain.

To opt out of this change, a new property in the static.json has been added to enable localStorage storage of authorization data (data.attributes.features.useLocalStorage).

{
  "_static": {
    "generator": {
      "name": "@globus/static-search-portal"
    }
  },
  "data": {
    "version": "1.0.0",
    "attributes": {
      "features": {
        "useLocalStorage": true
      }
    }
 }
}

Features

  • Use in-memory based storage for authorization tokens, by default. (#235) (427d9e7)

Fixes

  • Improves result rendering to account for 404s on hard refresh. (#233) (2dc2bbc)

  1. localStorage is only available to applications on the same origin, which includes subdomain; Access is only shared with GitHub Pages applications or sites on the same account, not other GitHub account's deployments.

Assets 2
Loading