kangmin/Retribusi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix redirect loop: tambah guard lebih ketat di semua file, hapus redirect di .htaccess public

Browse Source
This commit is contained in:
mwpn
2025-12-18 13:25:50 +07:00
parent da151681e1
commit 4cd16d4e11
5 changed files with 66 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
public/.htaccess Normal file
View File

@@ -0,0 +1,32 @@
# Apache URL Rewrite untuk Retribusi Frontend (di folder public)
# Hanya untuk security headers dan cache, TIDAK ada redirect
# Security headers
<IfModule mod_headers.c>
# Prevent clickjacking
Header set X-Frame-Options "SAMEORIGIN"
# XSS Protection
Header set X-XSS-Protection "1; mode=block"
# Content Type Options
Header set X-Content-Type-Options "nosniff"
</IfModule>
# Cache static assets
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
</IfModule>
# Gzip compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

9
public/dashboard/event.html
View File

@@ -236,7 +236,14 @@
// Check auth
if (!Auth.isAuthenticated()) {
window.location.href = '../index.php';
const currentPath = window.location.pathname.toLowerCase();
const isLoginPage = currentPath.includes('index.php') ||
currentPath === '/' ||
currentPath === '/index.php';
// Hanya redirect jika belum di login page
if (!isLoginPage) {
window.location.href = '../index.php';
}
}
// Logout handler

11
public/dashboard/js/api.js
View File

@@ -41,9 +41,14 @@ async function apiRequest(path, options = {}) {
localStorage.removeItem('token');
localStorage.removeItem('user');
// Cek apakah sudah di login page untuk menghindari redirect loop
const currentPath = window.location.pathname;
const isLoginPage = currentPath.includes('index.php') || currentPath === '/' || currentPath.endsWith('/');
if (!isLoginPage) {
const currentPath = window.location.pathname.toLowerCase();
const isLoginPage = currentPath.includes('index.php') ||
currentPath === '/' ||
currentPath === '/index.php' ||
currentPath.endsWith('/') ||
currentPath === '';
// Hanya redirect jika benar-benar di halaman dashboard, bukan di login page
if (!isLoginPage && currentPath.includes('dashboard')) {
window.location.href = '../index.php';
}
throw new Error('Unauthorized');

14
public/dashboard/js/dashboard.js
View File

@@ -696,10 +696,16 @@ document.addEventListener('DOMContentLoaded', async () => {
// Require auth
if (!Auth.isAuthenticated()) {
// Cek apakah sudah di login page untuk mencegah redirect loop
const currentPath = window.location.pathname;
const isLoginPage = currentPath.includes('index.php') || currentPath === '/' || currentPath.endsWith('/');
if (!isLoginPage) {
// Redirect ke login hanya jika belum di login page
const currentPath = window.location.pathname.toLowerCase();
const isLoginPage = currentPath.includes('index.php') ||
currentPath === '/' ||
currentPath === '/index.php' ||
currentPath.endsWith('/') ||
currentPath === '';
// JANGAN redirect jika sudah di login page atau root
if (!isLoginPage && currentPath.includes('dashboard')) {
// Hanya redirect jika benar-benar di halaman dashboard
window.location.href = '../index.php';
}
return;

9
public/dashboard/settings.html
View File

@@ -570,7 +570,14 @@
// Check auth
if (!Auth.isAuthenticated()) {
window.location.href = '../index.php';
const currentPath = window.location.pathname.toLowerCase();
const isLoginPage = currentPath.includes('index.php') ||
currentPath === '/' ||
currentPath === '/index.php';
// Hanya redirect jika belum di login page
if (!isLoginPage) {
window.location.href = '../index.php';
}
}
// Logout handler