Merge pull request #1289 from erwinmombay/proxy-change
fix(cid): localhost should only be considered as proxy if prefix is c or v.
erwinmombay committed Jan 7, 2016
2 parents eeb3eac + 484067b commit e3fd74b
Showing 2 changed files with 11 additions and 10 deletions.
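--- a/src/service/cid-impl.js
+++ b/src/service/cid-impl.js
@@ -24,7 +24,6 @@
 
 import {assert} from '../asserts';
 import {getCookie} from '../cookies';
-import {getMode} from '../mode';
 import {getService} from '../service';
 import {parseUrl} from '../url';
 import {timer} from '../timer';
@@ -126,10 +125,13 @@ function getExternalCid(cid, externalCidScope, persistenceConsent) {
 * factored into its own package.
 */
 export function isProxyOrigin(url) {
+const path = url.pathname.split('/');
+const prefix = path[1];
 // List of well known proxy hosts. New proxies must be added here
 // to generate correct tokens.
 return (url.origin == 'https://cdn.ampproject.org' ||
-url.origin.indexOf('http://localhost:') == 0);
+(url.origin.indexOf('http://localhost:') == 0 &&
+(prefix == 'c' || prefix == 'v')));
 }
 
 /**
@@ -147,13 +149,8 @@ export function getSourceOrigin(url) {
 // The /s/ is optional and signals a secure origin.
 const path = url.pathname.split('/');
 const prefix = path[1];
-const mode = getMode();
-// whitelist while localdev and file is in build/ or examples/
-if (!(mode.localDev &&
-(prefix == 'examples.build' || prefix == 'examples'))) {
-assert(prefix == 'c' || prefix == 'v',
-'Unknown path prefix in url %s', url.href);
-}
+assert(prefix == 'c' || prefix == 'v',
+'Unknown path prefix in url %s', url.href);
 const domainOrHttpsSignal = path[2];
 const origin = domainOrHttpsSignal == 's'
 ? 'https://' + path[3]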
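Review bot: In `isProxyOrigin`, the `http://localhost:` branch is not tied to a development build, so any page served from a local port under `/c` or `/v` is still classified as a proxy origin exactly like `https://cdn.ampproject.org`. If that branch exists only for local testing, keeping the `getMode` import and writing the condition as `(getMode().localDev && url.origin.indexOf('http://localhost:') == 0 &&` would keep it out of production decisions. The check also accepts a bare `/c` with no source host after it, while `getSourceOrigin` reads `path[2]` and `path[3]` without checking that they exist; adding `assert(domainOrHttpsSignal, 'Missing source host in url %s', url.href);` after the prefix assert would make that case fail closed. `getSourceOrigin` continues past the end of the hunk, so a later check may already cover this.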
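--- a/test/functional/test-cid.js
+++ b/test/functional/test-cid.js
@@ -380,7 +380,11 @@ describe('isProxyOrigin', () => {
 testProxyOrigin(
 'https://cdn.ampproject.org/v/www.origin.com/foo/?f=0', true);
 testProxyOrigin(
-'http://localhost:123', true);
+'http://localhost:123', false);
+testProxyOrigin(
+'http://localhost:123/c', true);
+testProxyOrigin(
+'http://localhost:123/v', true);
 testProxyOrigin(
 'https://cdn.ampproject.net/v/www.origin.com/foo/?f=0', false);
 testProxyOrigin(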
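Review bot: The localhost cases added here cover only the root URL and the bare `/c` and `/v` paths, so nothing pins the case the fix is about: a localhost URL whose first path segment is something else. A negative case such as `testProxyOrigin('http://localhost:123/examples/page.html', false);` (sample URL) and a near-miss like `'http://localhost:123/cv/www.origin.com/'` expected `false` would guard against the prefix check being loosened later. The `describe('isProxyOrigin', ...)` block starts before and continues after this hunk, so such cases may already exist outside the visible lines.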
