Merge URL whitelist

sorribas · Oct 20, 2016 · 42b7a20 · 42b7a20
2 parents c1a18e1 + 1787405
commit 42b7a20
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -192,6 +192,17 @@ var phantom = render({
 });
 ```
 
+## Request whitelist
+For security reasons you probably would filter the outgoing requests:
+
+```javascript
+var phantom = render({
+  requestWhitelist: [
+    '^http://localhost/assets/.*'
+  ]
+});
+```
+
 ## Extra Dependencies
 
 For rendering, PhantomJS requires the `fontconfig` library, which may be missing if you're using Ubuntu Server. To install on Ubuntu:

diff --git a/index.js b/index.js
@@ -188,7 +188,7 @@ var pool = function(opts) {
 
     worker.stream.on('data', function(data) {
       if (data.log) return dup.push(data);
-      
+
       if (!data.success) worker.errors++;
       else worker.errors = 0;
 
@@ -239,7 +239,8 @@ var create = function(opts) {
     tmp          : TMP,
     format       : 'png',
     quality      : 100,
-    listen       : '0.0.0.0'
+    listen       : '0.0.0.0',
+    requestWhitelist: false
   };
 
   opts = xtend(defaultOpts,opts);
@@ -253,7 +254,7 @@ var create = function(opts) {
     if (!proxy) return;
 
     if (data.log) return proxy.emit('log', data.log);
-  
+
     if (!data.success && data.tries < opts.retries) {
       fs.unlink(data.filename, noop);
       data.tries++;
@@ -266,8 +267,8 @@ var create = function(opts) {
     if (!data.success) {
       fs.unlink(data.filename, noop);
       return proxy.destroy(new Error(
-        'Render failed (' + data.tries + ' tries) ' + 
-        'Request details: ' + JSON.stringify(data))); 
+        'Render failed (' + data.tries + ' tries) ' +
+        'Request details: ' + JSON.stringify(data)));
     }
 
     eos(proxy, { writable: false }, function() {

diff --git a/phantom-process.js b/phantom-process.js
@@ -180,6 +180,21 @@ var loop = function() {
 
   if(line.javascriptEnabled === false) page.settings.javascriptEnabled = false;
 
+  if(line.requestWhitelist) {
+    page.onResourceRequested = function(reqData, networkRequest) {
+      if(line.url === reqData.url) return; // allow self-request
+      var abort = true;
+      line.requestWhitelist.forEach(function(rgxp) {
+        var r = new RegExp(rgxp, 'gi');
+        if(r.test(reqData.url)) abort = false;
+      });
+      if(abort) {
+        console.log('Deny network request to', reqData.url);
+        networkRequest.abort();
+      }
+    }
+  }
+
   var onerror = function(message) {
     page.log(message);
     line.success = false;