Return null in getCacheToUseIfEnabled when the protocol is not https (#24012)

Addresses #23082 If served over http the cache is assumed compromised, this can happen when the page first loads over http before the https redirect.

Return null in getCacheToUseIfEnabled when the protocol is not https (#24012)
b8261dfe · Josh Dadak · GitHub · cf77999a · b8261dfe · b8261dfe
--- a/src/Components/Web.JS/dist/Release/blazor.webassembly.js
+++ b/src/Components/Web.JS/dist/Release/blazor.webassembly.js
--- a/src/Components/Web.JS/src/Platform/WebAssemblyResourceLoader.ts
+++ b/src/Components/Web.JS/src/Platform/WebAssemblyResourceLoader.ts
@@ -165,6 +165,12 @@ async function getCacheToUseIfEnabled(bootConfig: BootJsonData): Promise<Cache |
    return null;
  }
+  // cache integrity is compromised if the first request has been served over http
+  // in this case, we want to disable caching and integrity validation
+  if (document.location.protocol !== 'https:') {
+    return null;
+  }
  // Define a separate cache for each base href, so we're isolated from any other
  // Blazor application running on the same origin. We need this so that we're free
  // to purge from the cache anything we're not using and don't let it keep growing,