Add way for us to respond with clear-site-data: "cache"

Author: GarboMuffin

src/cookies.js

@@ -0,0 +1,28 @@
+/**
+ * @param {import("express").Request} req
+ * @returns {Map<string, string>}
+ */
+const parseCookies = (req) => {
+    const header = req.header('cookie');
+    if (typeof header === 'undefined') {
+        return new Map();
+    }
+
+    if (header.length > 1000) {
+        return new Map();
+    }
+
+    // maybe not fully spec compliant, but it's good enough for what we use this for
+    const cookies = new Map();
+    for (const part of header.split(';')) {
+        const equalsIndex = part.indexOf('=');
+        if (equalsIndex !== -1) {
+            const name = part.substring(0, equalsIndex).trim();
+            const value = part.substring(equalsIndex + 1).trim();
+            cookies.set(name, value);
+        }
+    }
+    return cookies;
+};
+
+module.exports = parseCookies;

src/server.js

@@ -13,6 +13,7 @@ const logger = require('./logger');
 const environment = require('./environment');
 const isSpider = require('./spider');
 const ScratchAPI = require('./scratch-api');
+const parseCookies = require('./cookies');
 
 const notFoundFile = fs.readFileSync(path.join(__dirname, '404.html'));
 const userPageFile = fs.readFileSync(path.join(__dirname, 'userpage.html'));
@@ -128,6 +129,12 @@ app.use((req, res, next) => {
     return;
   }
 
+  const cookies = parseCookies(req);
+  if (cookies.get('tw_clear_cache_once') === '1') {
+    res.header('Clear-Site-Data', '"cache"');
+    res.header('Set-Cookie', 'tw_clear_cache_once=; max-age=0; path=/; samesite=strict; secure');
+  }
+
   const host = hosts[hostname];
   const branches = host.branches;
   const path = req.path;

test/clear-cache.test.js

@@ -0,0 +1,24 @@
+const supertest = require('supertest');
+const app = require('../src/server');
+const request = supertest(app);
+
+it('does not serve clear-site-data by default', async () => {
+  const data = await request.get('/').set('Host', 'localhost');
+  expect(data.headers['clear-site-data']).toBeUndefined();
+});
+
+it('servers clear-site-data for cookie', async () => {
+  await request.get('/')
+    .set('Host', 'localhost')
+    .set('Cookie', 'tw_clear_cache_once=1')
+    .expect('clear-site-data', '"cache"')
+    .expect('set-cookie', /tw_clear_cache_once=;/);
+});
+
+it('servers clear-site-data for slightly strange cookie', async () => {
+  await request.get('/')
+    .set('Host', 'localhost')
+    .set('Cookie', 'a = b  ; tw_clear_cache_once = 1     ; c=   d')
+    .expect('clear-site-data', '"cache"')
+    .expect('set-cookie', /tw_clear_cache_once=;/);
+});

www/index.html

@@ -1,3 +1,22 @@
-index.html (no encoding)
 <head></head>
-<script src="js/test.js"></script>
+<body>
+    <p>
+        index.html (no encoding)
+    </p>
+
+    <p>
+        <button onclick="hardRefresh()">Activate template.ejs-style hardRefresh()</button>
+    </p>
+    <script>
+        function hardRefresh() {
+            var search = location.search.replace(/[?&]nocache=[\d.]+(?=$|&)/, '');
+            // This is a functional cookie used so that we respond with Clear-Site-Data just once. No tracking.
+            // Can't use nocache parameter to trigger this because people might accidentally bookmark that, and
+            // then we would be clearing their cache on every visit.
+            document.cookie = 'tw_clear_cache_once=1; max-age=60; path=/; samesite=strict; secure';
+            location.replace(location.pathname + search + (search ? '&' : '?') + 'nocache=' + Math.floor(Math.random() * 10000000));
+        }
+    </script>
+
+    <script src="js/test.js"></script>
+</body>