Allow to add local domains in the local config
This commit is contained in:
@@ -1,4 +1,5 @@
|
|||||||
{
|
{
|
||||||
"DEFAULT_API_URL": "https://app.simplelogin.io",
|
"DEFAULT_API_URL": "https://app.simplelogin.io",
|
||||||
|
"EXTRA_ALLOWED_DOMAINS": [],
|
||||||
"permissions": []
|
"permissions": []
|
||||||
}
|
}
|
||||||
+17
-9
@@ -61,21 +61,26 @@ async function handleExtensionSetup() {
|
|||||||
/**
|
/**
|
||||||
* Check if a message comes from an authorized source
|
* Check if a message comes from an authorized source
|
||||||
* @param {string} url
|
* @param {string} url
|
||||||
* @returns {Promise<boolean>}
|
* @returns boolean
|
||||||
*/
|
*/
|
||||||
const isMessageAllowed = async (url) => {
|
const isMessageAllowed = (url) => {
|
||||||
|
console.log("Received message from " + url);
|
||||||
const requestUrl = new URL(url);
|
const requestUrl = new URL(url);
|
||||||
const apiUrl = new URL(SLStorage.DEFAULT_SETTINGS[SLStorage.SETTINGS.API_URL]);
|
const apiUrl = new URL(SLStorage.DEFAULT_SETTINGS[SLStorage.SETTINGS.API_URL]);
|
||||||
|
|
||||||
const ALLOWED_SOURCES = [
|
let allowedSources = [
|
||||||
new RegExp(apiUrl.hostname),
|
new RegExp(apiUrl.hostname),
|
||||||
new RegExp("^app\\.simplelogin\\.io$"),
|
new RegExp("^app\\.simplelogin\\.io$"),
|
||||||
new RegExp("^.*\\.proton\\.ch$"),
|
|
||||||
new RegExp("^.*\\.protonmail\\.ch$"),
|
new RegExp("^.*\\.protonmail\\.ch$"),
|
||||||
new RegExp("^.*\\.protonmail\\.com$"),
|
new RegExp("^.*\\.protonmail\\.com$"),
|
||||||
];
|
];
|
||||||
|
|
||||||
for (const source of ALLOWED_SOURCES) {
|
const extraAllowedDomains = SLStorage.DEFAULT_SETTINGS[SLStorage.SETTINGS.EXTRA_ALLOWED_DOMAINS];
|
||||||
|
for (const extra of extraAllowedDomains) {
|
||||||
|
allowedSources.push(new RegExp(extra));
|
||||||
|
}
|
||||||
|
|
||||||
|
for (const source of allowedSources) {
|
||||||
if (source.test(requestUrl.host)) return true;
|
if (source.test(requestUrl.host)) return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
@@ -85,14 +90,17 @@ const isMessageAllowed = async (url) => {
|
|||||||
* Register onMessage listener
|
* Register onMessage listener
|
||||||
*/
|
*/
|
||||||
browser.runtime.onMessage.addListener(async function (request, sender) {
|
browser.runtime.onMessage.addListener(async function (request, sender) {
|
||||||
const isAllowed = await isMessageAllowed(sender.url);
|
// Check messages allowed from everywhere
|
||||||
if (!isAllowed) return;
|
|
||||||
|
|
||||||
if (request.tag === "NEW_RANDOM_ALIAS") {
|
if (request.tag === "NEW_RANDOM_ALIAS") {
|
||||||
return await handleNewRandomAlias(request.currentUrl);
|
return await handleNewRandomAlias(request.currentUrl);
|
||||||
} else if (request.tag === "GET_APP_SETTINGS") {
|
} else if (request.tag === "GET_APP_SETTINGS") {
|
||||||
return await handleGetAppSettings();
|
return await handleGetAppSettings();
|
||||||
} else if (request.tag === "EXTENSION_SETUP") {
|
}
|
||||||
|
|
||||||
|
// Check messages allowed only from authorized sources
|
||||||
|
if (!isMessageAllowed(sender.url)) return;
|
||||||
|
|
||||||
|
if (request.tag === "EXTENSION_SETUP") {
|
||||||
return await handleExtensionSetup();
|
return await handleExtensionSetup();
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -10,6 +10,7 @@ class SLStorage {
|
|||||||
NOT_ASKING_RATE: "notAskingRate",
|
NOT_ASKING_RATE: "notAskingRate",
|
||||||
SHOW_SL_BUTTON: "showSLButton",
|
SHOW_SL_BUTTON: "showSLButton",
|
||||||
SL_BUTTON_POSITION: "SLButtonPosition",
|
SL_BUTTON_POSITION: "SLButtonPosition",
|
||||||
|
EXTRA_ALLOWED_DOMAINS: [],
|
||||||
};
|
};
|
||||||
|
|
||||||
static DEFAULT_SETTINGS = {
|
static DEFAULT_SETTINGS = {
|
||||||
@@ -20,6 +21,9 @@ class SLStorage {
|
|||||||
[SLStorage.SETTINGS.NOT_ASKING_RATE]: false,
|
[SLStorage.SETTINGS.NOT_ASKING_RATE]: false,
|
||||||
[SLStorage.SETTINGS.SHOW_SL_BUTTON]: true,
|
[SLStorage.SETTINGS.SHOW_SL_BUTTON]: true,
|
||||||
[SLStorage.SETTINGS.SL_BUTTON_POSITION]: "right-inside",
|
[SLStorage.SETTINGS.SL_BUTTON_POSITION]: "right-inside",
|
||||||
|
[SLStorage.SETTINGS.EXTRA_ALLOWED_DOMAINS]: devConfig
|
||||||
|
? devConfig.EXTRA_ALLOWED_DOMAINS
|
||||||
|
: []
|
||||||
};
|
};
|
||||||
|
|
||||||
static set(key, value) {
|
static set(key, value) {
|
||||||
|
|||||||
Reference in New Issue
Block a user