Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow custom domains to use alternative origins #2399

Merged
merged 4 commits into from Apr 5, 2024
Merged

Allow custom domains to use alternative origins #2399

merged 4 commits into from Apr 5, 2024

Conversation

frederikrothenberger
Copy link
Member

@frederikrothenberger frederikrothenberger commented Apr 3, 2024
edited by github-actions bot

This PR lifts the restriction on the alternative origins feature to only allow canister id based subdomains of ic0.app and icp0.io.

The canister id resolution is now the same for the session authorization flow as it is for verifiable credentials.

The following restriction is still in place: the alternative origins file needs to be served from a canister accessible on the icp0.io domain.

Allowances are made for local development using localhost, 0.0.0.0, 127.0.0.1 and custom HTTP gateways.

This PR also adds a unit test suite for the derivation origin validation.

馃煛 Some screens were changed

@frederikrothenberger
Allow custom domains to use alternative origins
db4e29b 
This PR lifts the restriction on the alternative origins feature to only
allow canister id based subdomains of `ic0.app` and `icp0.io`.

The canister id resolution is now the same for the session authorization
flow as it is for verifiable credentials.

The following restriction is still in place: the alternative origins file
needs to be served from a canister accessible on the `icp0.io` domain.

Allowances are made for local development using `localhost`, `0.0.0.0`,
`127.0.0.1` and custom HTTP gateways.

This PR also adds a unit test suite for the derivation origin validation.
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 3, 2024
View reviewed changes
src/frontend/src/utils/validateDerivationOrigin.ts Dismissed Show dismissed Hide dismissed
src/frontend/src/utils/validateDerivationOrigin.ts Dismissed Show dismissed Hide dismissed
lmuntaner
lmuntaner approved these changes Apr 3, 2024
View reviewed changes
Copy link
Contributor

@lmuntaner lmuntaner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks!

src/frontend/src/utils/validateDerivationOrigin.ts Show resolved Hide resolved
src/frontend/src/utils/validateDerivationOrigin.test.ts Outdated Show resolved Hide resolved
src/frontend/src/utils/validateDerivationOrigin.test.ts Outdated Show resolved Hide resolved
src/frontend/src/utils/validateDerivationOrigin.test.ts Outdated Show resolved Hide resolved
@frederikrothenberger frederikrothenberger added this pull request to the merge queue Apr 5, 2024
Merged via the queue into main with commit cdf3ffd Apr 5, 2024
66 checks passed
@frederikrothenberger frederikrothenberger deleted the frederik/allow-custom-alternative-origins branch April 5, 2024 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lmuntaner lmuntaner lmuntaner approved these changes

@peterpeterparker peterpeterparker Awaiting requested review from peterpeterparker

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@frederikrothenberger @lmuntaner