filter custom connectSrc #551

szymonlesisz · 2020-04-02T07:29:11Z

No description provided.

prusnak · 2020-04-02T07:53:25Z

src/js/data/ConnectSettings.js

+// `trezord` will block communication anyway
+export const corsValidator = (url?: string) => {
+    if (typeof url !== 'string') return;
+    if (url.match(/^https:\/\/([a-zA-Z0-9-_])*.trezor.io\//)) return url;


This should be /^https:\/\/([A-Za-z0-9\-_]+\.)*trezor\.io\//

in the original regex, the following did not work:

https://trezor.io/ (please add to test below)

https://sub.dom.trezor.io/ (please add to test below)

and this worked:

https://testxtrezorxio/(please add to test below)

prusnak · 2020-04-02T07:54:04Z

src/js/data/ConnectSettings.js

+    if (typeof url !== 'string') return;
+    if (url.match(/^https:\/\/([a-zA-Z0-9-_])*.trezor.io\//)) return url;
+    if (url.match(/^https?:\/\/localhost:[58][0-9]{3}\//)) return url;
+    if (url.match(/^https:\/\/([a-zA-Z0-9-_])*.sldev.cz\//)) return url;


This should be /^https:\/\/([A-Za-z0-9\-_]+\.)*sldev\.cz\//

same reason as above, please add to tests too

szymonlesisz added 2 commits April 2, 2020 09:28

filter custom connectSrc

045e42d

Update ConnectSettings.test.js

1d07e25

szymonlesisz requested a review from prusnak April 2, 2020 07:35

prusnak suggested changes Apr 2, 2020

View reviewed changes

updated regex

366c2b6

prusnak merged commit 98738c5 into develop Apr 2, 2020

prusnak deleted the fix/filter-custom-src branch April 2, 2020 08:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

filter custom connectSrc #551

filter custom connectSrc #551

szymonlesisz commented Apr 2, 2020

prusnak Apr 2, 2020

prusnak Apr 2, 2020

filter custom connectSrc #551

filter custom connectSrc #551

Conversation

szymonlesisz commented Apr 2, 2020

prusnak Apr 2, 2020

Choose a reason for hiding this comment

prusnak Apr 2, 2020

Choose a reason for hiding this comment