[2.1] Restrict chromium requests #430

Merged
merged 8 commits into from
Aug 18, 2022
Disallow redirection to non-localhost urls
Signed-off-by: Joshua Li <joshuali925@gmail.com>
joshuali925 committed Aug 17, 2022
commit df5dc50cd5b4f9404f6ea0d7a98aa131802f8e53
@@ -84,6 +84,25 @@ export const createVisualReport = async (
},
});
const page = await browser.newPage();

await page.setRequestInterception(true);
page.on('request', (req) => {
// disallow non-localhost redirections
if (
req.isNavigationRequest() &&
req.redirectChain().length > 0 &&
!/^(0|0.0.0.0|127.0.0.1|localhost)$/.test(new URL(req.url()).hostname)
) {
logger.error(
'Reporting does not allow redirections to outside of localhost, aborting. URL received: ' +
req.url()
);
req.abort();
} else {
req.continue();
}
});

page.setDefaultNavigationTimeout(0);
page.setDefaultTimeout(100000); // use 100s timeout instead of default 30s
// Set extra headers that are needed
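Review bot: the hostname regex in the `page.on('request', ...)` handler leaves its dots unescaped, so in `0.0.0.0` and `127.0.0.1` each `.` matches any character and the allowlist accepts hostnames other than the literal loopback addresses. Escape the dots (`/^(0|0\.0\.0\.0|127\.0\.0\.1|localhost)$/`), or compare `new URL(req.url()).hostname` against an explicit set of allowed strings so there is no pattern to get wrong. Separately, the condition only aborts when `req.isNavigationRequest()` is true and `req.redirectChain().length > 0`, so every non-navigation request and the initial navigation fall through to `req.continue()` without a hostname check; if the intent is to keep Chromium on localhost, apply the hostname test independently of the redirect chain, or note in the comment that other request types are handled elsewhere.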