do not repeat successful security checks. fixes #3363

This avoids creating lots of 403 errors for properly secured data
directories. Only one successful check per browser session will be
executed.

1 files changed, 30 insertions, 0 deletions

diff --git a/lib/scripts/behaviour.js b/lib/scripts/behaviour.js
index 70b60ef9a..009081f80 100644
--- a/lib/scripts/behaviour.js
+++ b/lib/scripts/behaviour.js
@@ -56,6 +56,7 @@ var dw_behaviour = {
         dw_behaviour.checkWindowsShares();
         dw_behaviour.subscription();
         dw_behaviour.pageRestoreConfirm();
+        dw_behaviour.securityCheck();
 
         dw_behaviour.revisionBoxHandler();
         jQuery(document).on('click','#page__revisions input[type=checkbox]',
@@ -204,6 +205,35 @@ var dw_behaviour = {
                 }
             });
         }
+    },
+
+    /**
+     * Check that access to the data directory is properly secured
+     *
+     * A successful check (a 403 error was returned when loading the image) is saved
+     * to session storage and not repeated again until the next browser session. This
+     * avoids overeager security bans (see #3363)
+     */
+    securityCheck: function () {
+        var $checkA = jQuery('#security__check');
+        if (!$checkA.length) return;
+        if (sessionStorage.getItem('security-check')) {
+            // check was already executed successfully
+            $checkA.remove();
+            return;
+        }
+
+        var img = new Image(347, 63);
+        img.onerror = function () {
+            // successful check will not be repeated during session
+            $checkA.remove();
+            sessionStorage.setItem('security-check', true);
+        }
+        img.onload = function () {
+            // check failed, display the image
+            $checkA.html(img);
+        }
+        img.src = $checkA.data('src');
     }
 };