Use editor path in generating localStorage keys #4151
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
The approach reads the path from window.location in RED.settings.init(), removes the last character, replaces "/" with "-" and stores it a authTokensSuffix property. Whenever the key auth-tokens is read, set or removed this suffix is added to the localStorage key. This results i no api-changes and no changes when the editor runs in the root path and you may run as much instances as you like on a single host name.
The only, from my perspective minor, point of discussion is the the behavior, that the hole auth-tokens* "Namespace" for setting-keys gets "magic" while currently only the key auth-tokens itself has special meaning. I don't see a security issue because the sessions are initiated from the same operating system user, on the same browser, on the same computer. And as logout is still working as expected, it truly has to be the same person - so nothing is leaked when reviewing the localStorage.
Checklist
grunt
to verify the unit tests pass