prevent http request without enable it explicitly

1 files changed, 12 insertions, 0 deletions

diff --git a/packages/taler-util/src/http-impl.node.ts b/packages/taler-util/src/http-impl.node.ts
index 6dfce934f..4df1feaf0 100644
--- a/packages/taler-util/src/http-impl.node.ts
+++ b/packages/taler-util/src/http-impl.node.ts
@@ -49,9 +49,11 @@ const textDecoder = new TextDecoder();
 export class HttpLibImpl implements HttpRequestLibrary {
   private throttle = new RequestThrottler();
   private throttlingEnabled = true;
+  private allowHttp = false;
 
   constructor(args?: HttpLibArgs) {
     this.throttlingEnabled = args?.enableThrottling ?? false;
+    this.allowHttp = args?.allowHttp ?? false;
   }
 
   /**
@@ -78,6 +80,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
         `request to origin ${parsedUrl.origin} was throttled`,
       );
     }
+    if (!this.allowHttp && parsedUrl.protocol !== "https:") {
+      throw TalerError.fromDetail(
+        TalerErrorCode.WALLET_NETWORK_ERROR,
+        {
+          requestMethod: method,
+          requestUrl: url,
+        },
+        `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+      );
+    }
     let timeoutMs: number | undefined;
     if (typeof opt?.timeout?.d_ms === "number") {
       timeoutMs = opt.timeout.d_ms;