This is an automated email from the ASF dual-hosted git repository.

niklasmerz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cordova-ios.git


The following commit(s) were added to refs/heads/master by this push:
     new ad609240 fix: URL parsing for ATS in node 18 (#1302)
ad609240 is described below

commit ad609240b8b780d2b3f971642e685e5b157029e3
Author: Darryl Pogue <dar...@dpogue.ca>
AuthorDate: Wed Apr 12 00:00:09 2023 -0700

    fix: URL parsing for ATS in node 18 (#1302)
    
    Fixes #1290
---
 lib/prepare.js | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/lib/prepare.js b/lib/prepare.js
index f1333e30..ab9746b5 100644
--- a/lib/prepare.js
+++ b/lib/prepare.js
@@ -997,12 +997,8 @@ function processAccessAndAllowNavigationEntries (config) {
     null is returned if the URL cannot be parsed, or is to be skipped for ATS.
 */
 function parseAllowlistUrlForATS (url, options) {
-    // @todo 'url.parse' was deprecated since v11.0.0. Use 'url.URL' 
constructor instead.
-    const href = URL.parse(url); // eslint-disable-line
-    const retObj = {};
-    retObj.Hostname = href.hostname;
-
     // Guiding principle: we only set values in retObj if they are NOT the 
default
+    const retObj = {};
 
     if (url === '*') {
         retObj.Hostname = '*';
@@ -1026,27 +1022,33 @@ function parseAllowlistUrlForATS (url, options) {
         return retObj;
     }
 
-    if (!retObj.Hostname) {
-        // check origin, if it allows subdomains (wildcard in hostname), we 
set NSIncludesSubdomains to YES. Default is NO
-        const subdomain1 = '/*.'; // wildcard in hostname
-        const subdomain2 = '*://*.'; // wildcard in hostname and protocol
-        const subdomain3 = '*://'; // wildcard in protocol only
-        if (!href.pathname) {
-            return null;
-        } else if (href.pathname.indexOf(subdomain1) === 0) {
-            retObj.NSIncludesSubdomains = true;
-            retObj.Hostname = href.pathname.substring(subdomain1.length);
-        } else if (href.pathname.indexOf(subdomain2) === 0) {
-            retObj.NSIncludesSubdomains = true;
-            retObj.Hostname = href.pathname.substring(subdomain2.length);
-        } else if (href.pathname.indexOf(subdomain3) === 0) {
-            retObj.Hostname = href.pathname.substring(subdomain3.length);
+    let href = null;
+    try {
+        href = new URL.URL(url);
+    } catch (e) {
+        const scheme = url.split(':')[0];
+        // If there's a wildcard in the protocol, the URL will fail to parse
+        // Replace it with "http" to allow insecure loads
+        if (scheme.includes('*')) {
+            href = new URL.URL(url.replace(scheme, 'http'));
         } else {
-            // Handling "scheme:*" case to avoid creating of a blank key in 
NSExceptionDomains.
             return null;
         }
     }
 
+    retObj.Hostname = href.hostname;
+
+    // Handling "scheme:*" case to avoid creating of a blank key in 
NSExceptionDomains.
+    if (retObj.Hostname === '') {
+        return null;
+    }
+
+    // check origin, if it allows subdomains (wildcard in hostname), we set 
NSIncludesSubdomains to YES. Default is NO
+    if (retObj.Hostname.startsWith('*.')) {
+        retObj.NSIncludesSubdomains = true;
+        retObj.Hostname = href.hostname.substring(2);
+    }
+
     if (options.minimum_tls_version && options.minimum_tls_version !== 
'TLSv1.2') { // default is TLSv1.2
         retObj.NSExceptionMinimumTLSVersion = options.minimum_tls_version;
     }
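Review bot: The retry inside the `catch` block, `href = new URL.URL(url.replace(scheme, 'http'));`, is not itself guarded, so an entry that still fails to parse after the substitution throws out of `parseAllowlistUrlForATS` instead of returning null as the function's header comment promises. An entry with no colon, such as `*.example.com`, makes `scheme` the whole string, so the retry parses the bare string `http`; unless an earlier branch outside this hunk filters such entries, that raises. Wrapping the retry, `try { href = new URL.URL(url.replace(scheme, 'http')); } catch (e2) { return null; }`, keeps the documented contract. The comment above the retry should also state that any scheme containing `*` (not only a bare `*`) is treated as `http`, which the later `href.protocol === 'http:'` check turns into `NSExceptionAllowsInsecureHTTPLoads` and so permits cleartext loads for that domain. The function begins and ends outside this hunk.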
@@ -1064,8 +1066,6 @@ function parseAllowlistUrlForATS (url, options) {
     // if the scheme is HTTP, we set NSExceptionAllowsInsecureHTTPLoads to 
YES. Default is NO
     if (href.protocol === 'http:') {
         retObj.NSExceptionAllowsInsecureHTTPLoads = true;
-    } else if (!href.protocol && href.pathname.indexOf('*:/') === 0) { // 
wilcard in protocol
-        retObj.NSExceptionAllowsInsecureHTTPLoads = true;
     }
 
     return retObj;

