Skip to content

Commit

Permalink
fix: URL parsing for ATS in node 18 (#1302)
Browse files Browse the repository at this point in the history
Fixes #1290
  • Loading branch information
dpogue authored Apr 12, 2023
1 parent e1e21cf commit ad60924
Showing 1 changed file with 23 additions and 23 deletions.
46 changes: 23 additions & 23 deletions lib/prepare.js
Original file line number Diff line number Diff line change
Expand Up @@ -997,12 +997,8 @@ function processAccessAndAllowNavigationEntries (config) {
null is returned if the URL cannot be parsed, or is to be skipped for ATS.
*/
function parseAllowlistUrlForATS (url, options) {
// @todo 'url.parse' was deprecated since v11.0.0. Use 'url.URL' constructor instead.
const href = URL.parse(url); // eslint-disable-line
const retObj = {};
retObj.Hostname = href.hostname;

// Guiding principle: we only set values in retObj if they are NOT the default
const retObj = {};

if (url === '*') {
retObj.Hostname = '*';
Expand All @@ -1026,27 +1022,33 @@ function parseAllowlistUrlForATS (url, options) {
return retObj;
}

if (!retObj.Hostname) {
// check origin, if it allows subdomains (wildcard in hostname), we set NSIncludesSubdomains to YES. Default is NO
const subdomain1 = '/*.'; // wildcard in hostname
const subdomain2 = '*://*.'; // wildcard in hostname and protocol
const subdomain3 = '*://'; // wildcard in protocol only
if (!href.pathname) {
return null;
} else if (href.pathname.indexOf(subdomain1) === 0) {
retObj.NSIncludesSubdomains = true;
retObj.Hostname = href.pathname.substring(subdomain1.length);
} else if (href.pathname.indexOf(subdomain2) === 0) {
retObj.NSIncludesSubdomains = true;
retObj.Hostname = href.pathname.substring(subdomain2.length);
} else if (href.pathname.indexOf(subdomain3) === 0) {
retObj.Hostname = href.pathname.substring(subdomain3.length);
let href = null;
try {
href = new URL.URL(url);
} catch (e) {
const scheme = url.split(':')[0];
// If there's a wildcard in the protocol, the URL will fail to parse
// Replace it with "http" to allow insecure loads
if (scheme.includes('*')) {
href = new URL.URL(url.replace(scheme, 'http'));
} else {
// Handling "scheme:*" case to avoid creating of a blank key in NSExceptionDomains.
return null;
}
}

retObj.Hostname = href.hostname;

// Handling "scheme:*" case to avoid creating of a blank key in NSExceptionDomains.
if (retObj.Hostname === '') {
return null;
}

// check origin, if it allows subdomains (wildcard in hostname), we set NSIncludesSubdomains to YES. Default is NO
if (retObj.Hostname.startsWith('*.')) {
retObj.NSIncludesSubdomains = true;
retObj.Hostname = href.hostname.substring(2);
}

if (options.minimum_tls_version && options.minimum_tls_version !== 'TLSv1.2') { // default is TLSv1.2
retObj.NSExceptionMinimumTLSVersion = options.minimum_tls_version;
}
Expand All @@ -1064,8 +1066,6 @@ function parseAllowlistUrlForATS (url, options) {
// if the scheme is HTTP, we set NSExceptionAllowsInsecureHTTPLoads to YES. Default is NO
if (href.protocol === 'http:') {
retObj.NSExceptionAllowsInsecureHTTPLoads = true;
} else if (!href.protocol && href.pathname.indexOf('*:/') === 0) { // wilcard in protocol
retObj.NSExceptionAllowsInsecureHTTPLoads = true;
}

return retObj;
Expand Down

0 comments on commit ad60924

Please sign in to comment.