fix(node-18): ATS URL Parsing #1302

Merged
merged 1 commit into from
Apr 12, 2023
46 changes: 23 additions & 23 deletions lib/prepare.js
Expand Up @@ -997,12 +997,8 @@ function processAccessAndAllowNavigationEntries (config) {
null is returned if the URL cannot be parsed, or is to be skipped for ATS.
*/
function parseAllowlistUrlForATS (url, options) {
// @todo 'url.parse' was deprecated since v11.0.0. Use 'url.URL' constructor instead.
const href = URL.parse(url); // eslint-disable-line
const retObj = {};
retObj.Hostname = href.hostname;

// Guiding principle: we only set values in retObj if they are NOT the default
const retObj = {};

if (url === '*') {
retObj.Hostname = '*';
Expand All @@ -1026,27 +1022,33 @@ function parseAllowlistUrlForATS (url, options) {
return retObj;
}

if (!retObj.Hostname) {
// check origin, if it allows subdomains (wildcard in hostname), we set NSIncludesSubdomains to YES. Default is NO
const subdomain1 = '/*.'; // wildcard in hostname
const subdomain2 = '*://*.'; // wildcard in hostname and protocol
const subdomain3 = '*://'; // wildcard in protocol only
if (!href.pathname) {
return null;
} else if (href.pathname.indexOf(subdomain1) === 0) {
retObj.NSIncludesSubdomains = true;
retObj.Hostname = href.pathname.substring(subdomain1.length);
} else if (href.pathname.indexOf(subdomain2) === 0) {
retObj.NSIncludesSubdomains = true;
retObj.Hostname = href.pathname.substring(subdomain2.length);
} else if (href.pathname.indexOf(subdomain3) === 0) {
retObj.Hostname = href.pathname.substring(subdomain3.length);
let href = null;
try {
href = new URL.URL(url);
} catch (e) {
const scheme = url.split(':')[0];
// If there's a wildcard in the protocol, the URL will fail to parse
// Replace it with "http" to allow insecure loads
if (scheme.includes('*')) {
href = new URL.URL(url.replace(scheme, 'http'));
} else {
// Handling "scheme:*" case to avoid creating of a blank key in NSExceptionDomains.
return null;
}
}

retObj.Hostname = href.hostname;

// Handling "scheme:*" case to avoid creating of a blank key in NSExceptionDomains.
if (retObj.Hostname === '') {
return null;
}

// check origin, if it allows subdomains (wildcard in hostname), we set NSIncludesSubdomains to YES. Default is NO
if (retObj.Hostname.startsWith('*.')) {
retObj.NSIncludesSubdomains = true;
retObj.Hostname = href.hostname.substring(2);
}

if (options.minimum_tls_version && options.minimum_tls_version !== 'TLSv1.2') { // default is TLSv1.2
retObj.NSExceptionMinimumTLSVersion = options.minimum_tls_version;
}
Expand All @@ -1064,8 +1066,6 @@ function parseAllowlistUrlForATS (url, options) {
// if the scheme is HTTP, we set NSExceptionAllowsInsecureHTTPLoads to YES. Default is NO
if (href.protocol === 'http:') {
retObj.NSExceptionAllowsInsecureHTTPLoads = true;
} else if (!href.protocol && href.pathname.indexOf('*:/') === 0) { // wilcard in protocol
retObj.NSExceptionAllowsInsecureHTTPLoads = true;
}

return retObj;
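Review bot: The retry inside the `catch` in `parseAllowlistUrlForATS`, `href = new URL.URL(url.replace(scheme, 'http'));`, is not itself guarded, so an entry that still fails to parse after the scheme substitution throws out of the function instead of returning null as its header comment promises. An entry with no colon is one such case: `url.split(':')[0]` is then the whole string, and if it contains `*` the retry becomes `new URL.URL('http')`. I would wrap the retry as `try { href = new URL.URL(url.replace(scheme, 'http')); } catch (e2) { return null; }`. The comment above it should also say that a wildcard scheme ends up setting `NSExceptionAllowsInsecureHTTPLoads` for that host through the `href.protocol === 'http:'` branch, since that relaxes ATS for the whole domain. The end of the function and the code between the hunks are not shown, so how callers handle a thrown error could not be checked.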