From d7f63f39b2305957def4a9563f862156b01e0804 Mon Sep 17 00:00:00 2001
From: Alexandros Tzimas <alex.tzimas@mystenlabs.com>
Date: Thu, 19 Dec 2024 12:07:09 +0200
Subject: [PATCH] Fix: add check content-type to be html before js injection

---
 portal/server/app/route.ts                   | 10 +++++-----
 portal/server/inject_unregister_sw_script.ts |  6 ++++++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/portal/server/app/route.ts b/portal/server/app/route.ts
index 22ada89..dc9ba24 100644
--- a/portal/server/app/route.ts
+++ b/portal/server/app/route.ts
@@ -45,7 +45,7 @@ export async function GET(req: Request) {
     if (walrusPath) {
         console.log(`Redirecting to aggregator url response: ${req.url} from ${objectIdPath}`);
         const response = redirectToAggregatorUrlResponse(url, walrusPath);
-        return inject_unregister_service_worker_script(response);
+        return await inject_unregister_service_worker_script(response);
     }
 
     const parsedUrl = getSubdomainAndPath(url, Number(portalDomainNameLength));
@@ -54,12 +54,12 @@ export async function GET(req: Request) {
 
     if (parsedUrl) {
         if (blocklistChecker && await blocklistChecker.isBlocked(parsedUrl.subdomain)) {
-            return inject_unregister_service_worker_script(siteNotFound());
+            return await inject_unregister_service_worker_script(siteNotFound());
         }
 
         if (requestDomain == portalDomain && parsedUrl.subdomain) {
             const response = await urlFetcher.resolveDomainAndFetchUrl(parsedUrl, null, blocklistChecker);
-            return inject_unregister_service_worker_script(response);
+            return await inject_unregister_service_worker_script(response);
         }
     }
 
@@ -74,9 +74,9 @@ export async function GET(req: Request) {
             null,
             blocklistChecker
         );
-        return inject_unregister_service_worker_script(response);
+        return await inject_unregister_service_worker_script(response);
     }
 
     const response404 = new Response(`Resource at ${originalUrl} not found!`, { status: 404 });
-    return inject_unregister_service_worker_script(response404);
+    return await inject_unregister_service_worker_script(response404);
 }
diff --git a/portal/server/inject_unregister_sw_script.ts b/portal/server/inject_unregister_sw_script.ts
index 2122578..64896c6 100644
--- a/portal/server/inject_unregister_sw_script.ts
+++ b/portal/server/inject_unregister_sw_script.ts
@@ -13,6 +13,12 @@
 * @returns a new response with the script injected.
 */
 export async function inject_unregister_service_worker_script(response: Response): Promise<Response> {
+    const contentType = response.headers.get('content-type');
+    if (!contentType || !contentType.includes('text/html')) {
+        console.log('Skipping service worker unregistration script injection because the content type is not HTML.');
+        return response;
+    }
+
     let responseBody = await response.text();
     const script = `
         <script>