mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
Use url.hostname instead of url.host to allow host from environment variable (#326)
Co-authored-by <yohan.boniface@free.fr>
This commit is contained in:
parent
caef8bae22
commit
eea2ef5cfb
@ -117,7 +117,7 @@ export function matchesBaseDomain(domain: string, baseDomain: string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export function isEnvironmentAllowedHost(url: string|URL) {
|
export function isEnvironmentAllowedHost(url: string|URL) {
|
||||||
const urlHost = (typeof url === 'string') ? url : url.host;
|
const urlHost = (typeof url === 'string') ? url : url.hostname;
|
||||||
return (process.env.GRIST_ALLOWED_HOSTS || "").split(",").some(domain =>
|
return (process.env.GRIST_ALLOWED_HOSTS || "").split(",").some(domain =>
|
||||||
domain && matchesBaseDomain(urlHost, domain)
|
domain && matchesBaseDomain(urlHost, domain)
|
||||||
);
|
);
|
||||||
|
@ -3035,6 +3035,7 @@ function testDocApi() {
|
|||||||
await checkOrigin("https://www.toto.com", 403, "Unrecognized origin");
|
await checkOrigin("https://www.toto.com", 403, "Unrecognized origin");
|
||||||
await checkOrigin("https://badexample.com", 403, "Unrecognized origin");
|
await checkOrigin("https://badexample.com", 403, "Unrecognized origin");
|
||||||
await checkOrigin("https://bad.com/example.com/toto", 403, "Unrecognized origin");
|
await checkOrigin("https://bad.com/example.com/toto", 403, "Unrecognized origin");
|
||||||
|
await checkOrigin("https://example.com:3000/path", 200);
|
||||||
await checkOrigin("https://example.com/path", 200);
|
await checkOrigin("https://example.com/path", 200);
|
||||||
await checkOrigin("https://good.example.com/toto", 200);
|
await checkOrigin("https://good.example.com/toto", 200);
|
||||||
});
|
});
|
||||||
@ -3133,7 +3134,7 @@ class TestServer {
|
|||||||
REDIS_URL: process.env.TEST_REDIS_URL,
|
REDIS_URL: process.env.TEST_REDIS_URL,
|
||||||
APP_HOME_URL: _homeUrl,
|
APP_HOME_URL: _homeUrl,
|
||||||
ALLOWED_WEBHOOK_DOMAINS: `example.com,localhost:${webhooksTestPort}`,
|
ALLOWED_WEBHOOK_DOMAINS: `example.com,localhost:${webhooksTestPort}`,
|
||||||
GRIST_ALLOWED_HOSTS: `example.com,localhost:${webhooksTestPort}`,
|
GRIST_ALLOWED_HOSTS: `example.com,localhost`,
|
||||||
...process.env
|
...process.env
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user