feat: disable scripts on password reset page (#9693)

app/controllers/dashboard_controller.rb

@@ -37,7 +37,7 @@ class DashboardController < ActionController::Base
   end
 
   def set_dashboard_scripts
-    @dashboard_scripts = GlobalConfig.get_value('DASHBOARD_SCRIPTS')
+    @dashboard_scripts = sensitive_path? ? nil : GlobalConfig.get_value('DASHBOARD_SCRIPTS')
   end
 
   def ensure_installation_onboarding
@@ -75,4 +75,14 @@ class DashboardController < ActionController::Base
                           'application'
                         end
   end
+
+  def sensitive_path?
+    # dont load dashboard scripts on sensitive paths like password reset
+    sensitive_paths = [edit_user_password_path].freeze
+
+    # remove app prefix
+    current_path = request.path.gsub(%r{^/app}, '')
+
+    sensitive_paths.include?(current_path)
+  end
 end

app/javascript/v3/views/index.js

@@ -6,12 +6,16 @@ import { validateRouteAccess } from '../helpers/RouteHelper';
 
 export const router = new VueRouter({ mode: 'history', routes });
 
+const sensitiveRouteNames = ['auth_password_edit'];
+
 export const initalizeRouter = () => {
   router.beforeEach((to, _, next) => {
-    AnalyticsHelper.page(to.name || '', {
-      path: to.path,
-      name: to.name,
-    });
+    if (!sensitiveRouteNames.includes(to.name)) {
+      AnalyticsHelper.page(to.name || '', {
+        path: to.path,
+        name: to.name,
+      });
+    }
 
     return validateRouteAccess(to, next, window.chatwootConfig);
   });