Fix redirect loop: tambah guard lebih ketat di semua file, hapus redirect di .htaccess public
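--- /dev/null
+++ b/public/.htaccess
@@ -0,0 +1,32 @@
+# Apache URL Rewrite untuk Retribusi Frontend (di folder public)
+# Hanya untuk security headers dan cache, TIDAK ada redirect
+
+# Security headers
+<IfModule mod_headers.c>
+# Prevent clickjacking
+Header set X-Frame-Options "SAMEORIGIN"
+
+# XSS Protection
+Header set X-XSS-Protection "1; mode=block"
+
+# Content Type Options
+Header set X-Content-Type-Options "nosniff"
+</IfModule>
+
+# Cache static assets
+<IfModule mod_expires.c>
+ExpiresActive On
+ExpiresByType text/css "access plus 1 year"
+ExpiresByType application/javascript "access plus 1 year"
+ExpiresByType image/png "access plus 1 year"
+ExpiresByType image/jpg "access plus 1 year"
+ExpiresByType image/jpeg "access plus 1 year"
+ExpiresByType image/gif "access plus 1 year"
+ExpiresByType image/svg+xml "access plus 1 year"
+</IfModule>
+
+# Gzip compression
+<IfModule mod_deflate.c>
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
+</IfModule>
+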
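Review bot: `Header set X-XSS-Protection "1; mode=block"` turns on a browser filter that is deprecated — Chromium removed its XSS auditor and Firefox never shipped one — and in the engines that did implement it the filter itself was a source of cross-site information leaks, so current guidance is `Header set X-XSS-Protection "0"` (or dropping the line) and carrying the real XSS defence in a `Content-Security-Policy` header, which this file does not set. `ExpiresByType image/jpg "access plus 1 year"` targets a type Apache's default `mime.types` never emits (`.jpg` is served as `image/jpeg`, already listed on the next line), so it can go unless a custom `AddType` maps it. The one-year lifetime on `text/css` and `application/javascript` is only safe if asset filenames are fingerprinted; otherwise the guard fixes this very commit ships in the dashboard scripts will keep being served from browser cache, so either shorten those two or add a comment such as `# assumes versioned asset filenames — confirm` next to them.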
@@ -236,8 +236,15 @@
|
|||||||
|
|
||||||
// Check auth
|
// Check auth
|
||||||
if (!Auth.isAuthenticated()) {
|
if (!Auth.isAuthenticated()) {
|
||||||
|
const currentPath = window.location.pathname.toLowerCase();
|
||||||
|
const isLoginPage = currentPath.includes('index.php') ||
|
||||||
|
currentPath === '/' ||
|
||||||
|
currentPath === '/index.php';
|
||||||
|
// Hanya redirect jika belum di login page
|
||||||
|
if (!isLoginPage) {
|
||||||
window.location.href = '../index.php';
|
window.location.href = '../index.php';
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Logout handler
|
// Logout handler
|
||||||
document.getElementById('logout-button')?.addEventListener('click', () => {
|
document.getElementById('logout-button')?.addEventListener('click', () => {
|
||||||
|
|||||||
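Review bot: The guard decides whether to redirect but never stops execution: when the visitor is unauthenticated and `isLoginPage` is true, control falls out of the `if` and whatever follows the block still runs with no token; the identical block in the `@@ -570,8 +570,15 @@` hunk has the same shape, whereas the `-696,10` hunk does follow its guard with `return;`. `currentPath.includes('index.php')` is also a substring match, so if this page is itself served as `<dir>/index.php` (the `'../index.php'` target shows it lives one level down) it counts as the login page and the redirect is suppressed on the very page being protected; `currentPath === '/' || currentPath === '/index.php'` alone already matches the login page under the root deployment those comparisons assume. If this code runs inside a handler, follow the redirect — and the already-on-login-page case — with `return;`; at top level, the rest of the initialisation should move into the authenticated branch instead. The enclosing scope starts and ends outside the hunk, and this check only governs navigation: whatever the page then fetches still has to be refused by the API it calls.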
@@ -41,9 +41,14 @@ async function apiRequest(path, options = {}) {
|
|||||||
localStorage.removeItem('token');
|
localStorage.removeItem('token');
|
||||||
localStorage.removeItem('user');
|
localStorage.removeItem('user');
|
||||||
// Cek apakah sudah di login page untuk menghindari redirect loop
|
// Cek apakah sudah di login page untuk menghindari redirect loop
|
||||||
const currentPath = window.location.pathname;
|
const currentPath = window.location.pathname.toLowerCase();
|
||||||
const isLoginPage = currentPath.includes('index.php') || currentPath === '/' || currentPath.endsWith('/');
|
const isLoginPage = currentPath.includes('index.php') ||
|
||||||
if (!isLoginPage) {
|
currentPath === '/' ||
|
||||||
|
currentPath === '/index.php' ||
|
||||||
|
currentPath.endsWith('/') ||
|
||||||
|
currentPath === '';
|
||||||
|
// Hanya redirect jika benar-benar di halaman dashboard, bukan di login page
|
||||||
|
if (!isLoginPage && currentPath.includes('dashboard')) {
|
||||||
window.location.href = '../index.php';
|
window.location.href = '../index.php';
|
||||||
}
|
}
|
||||||
throw new Error('Unauthorized');
|
throw new Error('Unauthorized');
|
||||||
|
|||||||
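Review bot: The widened `isLoginPage` test makes the redirect almost never fire: `currentPath.endsWith('/')` marks every directory path such as `/dashboard/` as the login page and `includes('index.php')` does the same for `/dashboard/index.php`, so after the token has just been removed the user is left sitting on the dashboard with only the thrown `Unauthorized` error, and the redirect survives only for a dashboard path that neither ends in `/` nor contains `index.php`. The same block is duplicated verbatim in the `@@ -696,10 +696,16 @@` hunk. Matching the login page exactly, `const isLoginPage = currentPath === '/' || currentPath === '/index.php';` (valid for the root deployment the existing `=== '/index.php'` comparison already assumes), keeps the loop protection — the login page never contains `dashboard` — without the false positives, and moving the test into one helper beside `Auth.isAuthenticated`, e.g. an `Auth.isLoginPage()` (name constructed), would stop the four copies drifting apart. Note that `'../index.php'` resolves relative to the current directory depth, so it lands somewhere different from `/dashboard/` than from a deeper path; a root-relative target would be stable if the app is served from the root. `apiRequest` begins before the hunk.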
@@ -696,10 +696,16 @@ document.addEventListener('DOMContentLoaded', async () => {
|
|||||||
// Require auth
|
// Require auth
|
||||||
if (!Auth.isAuthenticated()) {
|
if (!Auth.isAuthenticated()) {
|
||||||
// Cek apakah sudah di login page untuk mencegah redirect loop
|
// Cek apakah sudah di login page untuk mencegah redirect loop
|
||||||
const currentPath = window.location.pathname;
|
const currentPath = window.location.pathname.toLowerCase();
|
||||||
const isLoginPage = currentPath.includes('index.php') || currentPath === '/' || currentPath.endsWith('/');
|
const isLoginPage = currentPath.includes('index.php') ||
|
||||||
if (!isLoginPage) {
|
currentPath === '/' ||
|
||||||
// Redirect ke login hanya jika belum di login page
|
currentPath === '/index.php' ||
|
||||||
|
currentPath.endsWith('/') ||
|
||||||
|
currentPath === '';
|
||||||
|
|
||||||
|
// JANGAN redirect jika sudah di login page atau root
|
||||||
|
if (!isLoginPage && currentPath.includes('dashboard')) {
|
||||||
|
// Hanya redirect jika benar-benar di halaman dashboard
|
||||||
window.location.href = '../index.php';
|
window.location.href = '../index.php';
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
|
|||||||
@@ -570,8 +570,15 @@
|
|||||||
|
|
||||||
// Check auth
|
// Check auth
|
||||||
if (!Auth.isAuthenticated()) {
|
if (!Auth.isAuthenticated()) {
|
||||||
|
const currentPath = window.location.pathname.toLowerCase();
|
||||||
|
const isLoginPage = currentPath.includes('index.php') ||
|
||||||
|
currentPath === '/' ||
|
||||||
|
currentPath === '/index.php';
|
||||||
|
// Hanya redirect jika belum di login page
|
||||||
|
if (!isLoginPage) {
|
||||||
window.location.href = '../index.php';
|
window.location.href = '../index.php';
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Logout handler
|
// Logout handler
|
||||||
document.getElementById('logout-button')?.addEventListener('click', () => {
|
document.getElementById('logout-button')?.addEventListener('click', () => {
|
||||||
|
|||||||