[taler-wallet-core] 01/04: prevent http request without enable it explic
From: |
gnunet |
Subject: |
[taler-wallet-core] 01/04: prevent http request without enable it explicitly |
Date: |
Mon, 24 Apr 2023 18:13:28 +0200 |
This is an automated email from the git hooks/post-receive script.
sebasjm pushed a commit to branch master
in repository wallet-core.
commit 3004ece1f8153fdf8ddb283e5d767dd5b5c2e179
Author: Sebastian <sebasjm@gmail.com>
AuthorDate: Mon Apr 24 12:42:45 2023 -0300
prevent http request without enable it explicitly
---
packages/taler-util/package.json | 4 ++--
packages/taler-util/src/http-common.ts | 1 +
packages/taler-util/src/http-impl.node.ts | 12 ++++++++++++
packages/taler-util/src/http-impl.qtart.ts | 12 ++++++++++++
4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/packages/taler-util/package.json b/packages/taler-util/package.json
index e7df2889f..26ca9b6b3 100644
--- a/packages/taler-util/package.json
+++ b/packages/taler-util/package.json
@@ -74,7 +74,7 @@
},
"ava": {
"files": [
- "lib/*test.js"
+ "lib/**/*test.js"
]
- }
+}
}
diff --git a/packages/taler-util/src/http-common.ts
b/packages/taler-util/src/http-common.ts
index 9aaad12c7..8da4003b5 100644
--- a/packages/taler-util/src/http-common.ts
+++ b/packages/taler-util/src/http-common.ts
@@ -423,6 +423,7 @@ export function getExpiry(
export interface HttpLibArgs {
enableThrottling?: boolean;
+ allowHttp?: boolean;
}
export function encodeBody(body: any): ArrayBuffer {
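Review bot: `allowHttp` is added to `HttpLibArgs` with no doc comment, although it decides whether the library will send a request over a cleartext connection. A TSDoc line on the field would record the default and the effect for callers, for example `/** Permit requests to URLs whose scheme is not https:. Defaults to false. */`. The default is taken from the constructors in http-impl.node.ts and http-impl.qtart.ts in this same commit, which both use `args?.allowHttp ?? false`.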
diff --git a/packages/taler-util/src/http-impl.node.ts
b/packages/taler-util/src/http-impl.node.ts
index 6dfce934f..4df1feaf0 100644
--- a/packages/taler-util/src/http-impl.node.ts
+++ b/packages/taler-util/src/http-impl.node.ts
@@ -49,9 +49,11 @@ const textDecoder = new TextDecoder();
export class HttpLibImpl implements HttpRequestLibrary {
private throttle = new RequestThrottler();
private throttlingEnabled = true;
+ private allowHttp = false;
constructor(args?: HttpLibArgs) {
this.throttlingEnabled = args?.enableThrottling ?? false;
+ this.allowHttp = args?.allowHttp ?? false;
}
/**
@@ -78,6 +80,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
`request to origin ${parsedUrl.origin} was throttled`,
);
}
+ if (!this.allowHttp && parsedUrl.protocol !== "https:") {
+ throw TalerError.fromDetail(
+ TalerErrorCode.WALLET_NETWORK_ERROR,
+ {
+ requestMethod: method,
+ requestUrl: url,
+ },
+ `request to ${parsedUrl.origin} is not possible with protocol
${parsedUrl.protocol}`,
+ );
+ }
let timeoutMs: number | undefined;
if (typeof opt?.timeout?.d_ms === "number") {
timeoutMs = opt.timeout.d_ms;
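Review bot: With `allowHttp` set, the new guard in the node implementation is skipped entirely, so the option lifts the scheme restriction rather than adding `http:` to the allowed set. The name suggests the narrower meaning, and an explicit allow-list would keep the two in step: `const schemeOk = parsedUrl.protocol === "https:" || (this.allowHttp && parsedUrl.protocol === "http:");` followed by `if (!schemeOk) {`. Whether the transport further down would accept any other scheme is not visible in this hunk, so this may be hardening only. The same condition shape appears in http-impl.qtart.ts. The enclosing method starts and ends outside the hunk.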
diff --git a/packages/taler-util/src/http-impl.qtart.ts
b/packages/taler-util/src/http-impl.qtart.ts
index ee3d1f725..3a963b35a 100644
--- a/packages/taler-util/src/http-impl.qtart.ts
+++ b/packages/taler-util/src/http-impl.qtart.ts
@@ -41,9 +41,11 @@ const textDecoder = new TextDecoder();
export class HttpLibImpl implements HttpRequestLibrary {
private throttle = new RequestThrottler();
private throttlingEnabled = true;
+ private allowHttp = false;
constructor(args?: HttpLibArgs) {
this.throttlingEnabled = args?.enableThrottling ?? false;
+ this.allowHttp = args?.allowHttp ?? false;
}
/**
@@ -70,6 +72,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
`request to origin ${parsedUrl.origin} was throttled`,
);
}
+ if (!this.allowHttp && parsedUrl.protocol !== "https") {
+ throw TalerError.fromDetail(
+ TalerErrorCode.WALLET_NETWORK_ERROR,
+ {
+ requestMethod: method,
+ requestUrl: url,
+ },
+ `request to ${parsedUrl.origin} is not possible with protocol
${parsedUrl.protocol}`,
+ );
+ }
let data: ArrayBuffer | undefined = undefined;
const requestHeadersMap = { ...getDefaultHeaders(method), ...opt?.headers
};
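Review bot: The comparison `parsedUrl.protocol !== "https"` lacks the trailing colon, so if `parsedUrl` is a WHATWG `URL` (its use of `.origin` suggests so) the test is true for every URL, https included. With the default `allowHttp = false` the qtart build would then reject all requests, and the only way to get traffic through would be `allowHttp: true`, which turns the cleartext guard off altogether. The node implementation in this commit compares against `"https:"`, and this line should match it: `if (!this.allowHttp && parsedUrl.protocol !== "https:") {`. The enclosing method starts and ends outside the hunk.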