enable addition checks in routing images through a custom web proxy c…

…ode, #312
vladimiry · Oct 19, 2020 · ca5a312 · ca5a312
1 parent b7c4484
commit ca5a312
Showing 1 changed file with 22 additions and 15 deletions.
diff --git a/src/electron-main/web-request/index.ts b/src/electron-main/web-request/index.ts
@@ -27,7 +27,7 @@ const requestProxyCache = (() => {
         | OnHeadersReceivedListenerDetails
         | OnErrorOccurredListenerDetails
         | OnCompletedListenerDetails;
-    type MapValue = { imageUrlProxified?: boolean; corsProxy?: CorsProxy };
+    type MapValue = { additionAllowedOrigin?: string; corsProxy?: CorsProxy };
 
     const map = new Map<MapKeyArg["id"], MapValue>();
 
@@ -67,13 +67,6 @@ export function initWebRequestListenersByAccount(
     }
 
     const origins = {
-        externalContentProxyUrlPattern: (
-            enableExternalContentProxy
-            &&
-            externalContentProxyUrlPattern
-            &&
-            parseUrlOriginWithNullishCheck(externalContentProxyUrlPattern)
-        ),
         webClientEntryUrl: parseUrlOriginWithNullishCheck(webClient.entryUrl),
         devTools: parseUrlOriginWithNullishCheck("devtools://devtools"),
     } as const;
@@ -97,7 +90,7 @@ export function initWebRequestListenersByAccount(
             if (
                 enableExternalContentProxy
                 &&
-                !requestProxyCache.get(details)?.imageUrlProxified // has not yet been proxified
+                !requestProxyCache.get(details)?.additionAllowedOrigin // has not yet been proxified (preventing infinity redirect loop)
                 &&
                 String(details.resourceType).toLowerCase() === "image"
                 &&
@@ -112,21 +105,35 @@ export function initWebRequestListenersByAccount(
                 if (!externalContentProxyUrlPattern) {
                     throw new Error(`Invalid "external content proxy URL pattern" value.`);
                 }
-                const redirectURL = externalContentProxyUrlPattern.replace(
-                    ACCOUNT_EXTERNAL_CONTENT_PROXY_URL_REPLACE_PATTERN,
-                    details.url,
+
+                const redirectURL = externalContentProxyUrlPattern.replace(ACCOUNT_EXTERNAL_CONTENT_PROXY_URL_REPLACE_PATTERN, url);
+
+                if (
+                    redirectURL === externalContentProxyUrlPattern
+                    ||
+                    !redirectURL.includes(url)
+                ) {
+                    throw new Error(`Failed to substitute "${url}" in "${externalContentProxyUrlPattern}" pattern.`);
+                }
+
+                requestProxyCache.patch(
+                    details,
+                    {additionAllowedOrigin: parseUrlOriginWithNullishCheck(redirectURL)},
                 );
-                requestProxyCache.patch(details, {imageUrlProxified: true});
+
                 callback({redirectURL});
+
                 return;
             }
 
+            const additionAllowedOrigin = requestProxyCache.get(details)?.additionAllowedOrigin;
+
             const bannedUrlAccessMsg: null | string = blockNonEntryUrlBasedRequests
                 ? buildUrlOriginsFailedMsgTester([
                     ...allowedOrigins,
                     ...(
-                        origins.externalContentProxyUrlPattern && requestProxyCache.get(details)?.imageUrlProxified
-                            ? [origins.externalContentProxyUrlPattern]
+                        additionAllowedOrigin
+                            ? [additionAllowedOrigin]
                             : []
                     ),
                 ])(url)