diff --git a/lib/client.js b/lib/client.js
index 52784cc..772671a 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -219,6 +219,26 @@ function processResponse(path, result) {
 return result;
 }
 
+function isOriginValid(origin) {
+ var WHITELISTED_ORIGINS = [
+ /.*zendesk\.com.*/gi,
+ /.*zd-staging\.com.*/gi,
+ /.*zd-dev\.com.*/gi,
+ /.*zd-master\.com.*/gi,
+ /.*zendesk-staging\.com.*/gi,
+ /.*dashboard\.zopim\.com.*/gi,
+ /.*dashboard\.zopim\.org.*/gi
+ ];
+
+ for (var i = 0; i < WHITELISTED_ORIGINS.length; i++) {
+ if (WHITELISTED_ORIGINS[i].test(origin)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 var Client = function(options) {
 this._parent = options.parent;
 this._origin = options.origin || this._parent && this._parent._origin;
@@ -232,6 +252,10 @@ var Client = function(options) {
 this._context = options.context || null;
 this.ready = false;
 
+ if(!isOriginValid(this._origin)) {
+ throw new Error('Invalid domain');
+ }
+
 this.on('app.registered', function(data) {
 this.ready = true;
 this._metadata = data.metadata;
diff --git a/spec/client_spec.js b/spec/client_spec.js
index 3f7b6b3..f8a07fa 100644
--- a/spec/client_spec.js
+++ b/spec/client_spec.js
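Review bot: The patterns in `WHITELISTED_ORIGINS` are unanchored, so `isOriginValid` accepts any string that merely contains an allowlisted name, whether as a leading label of some other host or inside a path or query, instead of only origins whose host is that domain or a subdomain of it. The check should extract the host and compare it to the allowlist as an exact name or a dot-prefixed suffix, as sketched below; whether plain `http`, explicit ports or subdomains of the two `dashboard.zopim` hosts should be accepted is for the authors to decide. The `g` flag is unnecessary with `.test()` and would make results depend on `lastIndex` if the array were ever hoisted out of the function. The spec hunk in spec/client_spec.js has the matching gap: its only negative case is an unrelated domain, so it should also assert rejection of look-alike inputs such as the constructed `https://zendesk.com.not-zendesk.example`.

```javascript
function isOriginValid(origin) {
  // Hosts accepted together with any subdomain.
  var ALLOWED_HOST_SUFFIXES = [
    'zendesk.com', 'zd-staging.com', 'zd-dev.com', 'zd-master.com',
    'zendesk-staging.com'
  ];
  // Hosts accepted only as an exact match.
  var ALLOWED_HOSTS = ['dashboard.zopim.com', 'dashboard.zopim.org'];

  // Anchored on scheme, whole host and optional port; if `origin` can carry a
  // path, strip it with a URL parser before this point.
  var match = /^https?:\/\/([a-z0-9.-]+)(?::\d+)?$/i.exec(String(origin || ''));
  if (!match) {
    return false;
  }

  var host = match[1].toLowerCase();
  if (ALLOWED_HOSTS.indexOf(host) !== -1) {
    return true;
  }

  for (var i = 0; i < ALLOWED_HOST_SUFFIXES.length; i++) {
    var suffix = ALLOWED_HOST_SUFFIXES[i];
    if (host === suffix || host.slice(-(suffix.length + 1)) === '.' + suffix) {
      return true;
    }
  }

  return false;
}
```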
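Review bot: The guard added to the `Client` constructor has no comment saying what it protects, and `this._origin` can be undefined at this point when neither `options.origin` nor a parent origin is set, in which case the caller still sees `Invalid domain`. A comment such as `// Refuse to initialise for a host page outside the Zendesk allowlist; _origin is caller-supplied.` would record the intent, and a distinct message for the missing-origin case would make failures easier to diagnose. Validating at construction only helps if inbound messages are later compared against `this._origin` by exact equality; that code is outside this hunk, so it is worth confirming. The constructor body starts before and continues after the hunk.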
@@ -36,6 +36,78 @@ describe('Client', function() {
 window.addEventListener.callArgWith(1, evt);
 }
 
+ describe('isOriginValid', function() {
+ it('Should instantiate client for support production domain(subdomain.zendesk.com)', function() {
+ var validOriginClient = new Client({
+ origin: 'https://sub1.zendesk.com',
+ appGuid: 'appGuid',
+ source: source
+ });
+
+ expect(validOriginClient).to.exist;
+ });
+
+ it('Should instantiate client for support old staging domain(subdomain.zd-staging.com)', function() {
+ var validOriginClient = new Client({
+ origin: 'https://sub1.zd-staging.com',
+ appGuid: 'appGuid',
+ source: source
+ });
+
+ expect(validOriginClient).to.exist;
+ });
+
+ it('Should instantiate client for support new staging domain(subdomain.zendesk-staging.com)', function() {
+ var validOriginClient = new Client({
+ origin: 'https://sub1.zendesk-staging.com',
+ appGuid: 'appGuid',
+ source: source
+ });
+
+ expect(validOriginClient).to.exist;
+ });
+
+ it('Should instantiate client for support master stage domain(subdomain.zd-master.com)', function() {
+ var validOriginClient = new Client({
+ origin: 'https://sub1.zd-master.com',
+ appGuid: 'appGuid',
+ source: source
+ });
+
+ expect(validOriginClient).to.exist;
+ });
+
+ it('Should instantiate client for chat production domain(dashboard.zopim.com)', function() {
+ var validOriginClient = new Client({
+ origin: 'https://dashboard.zopim.com',
+ appGuid: 'appGuid',
+ source: source
+ });
+
+ expect(validOriginClient).to.exist;
+ });
+
+ it('Should instantiate client for chat staging domain(dashboard.zopim.org)', function() {
+ var validOriginClient = new Client({
+ origin: 'https://dashboard.zopim.org',
+ appGuid: 'appGuid',
+ source: source
+ });
+
+ expect(validOriginClient).to.exist;
+ });
+
+ it('Should throw when domain is invalid', function() {
+ expect(function() {
+ new Client({
+ origin: 'https://invalid-domain.com',
+ appGuid: 'appGuid',
+ source: source
+ });
+ }).to.throw(Error);
+ });
+ });
+
 describe('initialisation', function() {
 it('can be instantiated', function() {
 expect(subject).to.exist;
diff --git a/spec/index_spec.js b/spec/index_spec.js
index ec6a962..fb2183d 100644
--- a/spec/index_spec.js
+++ b/spec/index_spec.js
@@ -16,7 +16,7 @@ describe('ZAFClient', function() {
 describe('given origin and app_guid exist', function() {
 beforeEach(function() {
 Utils.queryParameters.returns({
- origin: document.location,
+ origin: 'https://subdomain.zendesk.com',
 app_guid: 'A2'
 });
 });
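Review bot: The rejection test at the end of the new `isOriginValid` block asserts only `.to.throw(Error)`, which also passes if the constructor fails for an unrelated reason such as a missing option. Pinning the message, `}).to.throw(Error, 'Invalid domain');`, would prove that the origin check is what rejected the input. The positive cases rely on `expect(validOriginClient).to.exist`, which cannot fail once `new Client(...)` has returned, so wrapping the construction in `expect(function() { ... }).to.not.throw();` would state the intent more directly. The enclosing `describe('Client', ...)` block starts and ends outside the hunk.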