fixes #8083

2 files changed, 36 insertions, 2 deletions

diff --git a/packages/web-util/src/utils/http-impl.browser.ts b/packages/web-util/src/utils/http-impl.browser.ts
index 18140ef13..5d65c3903 100644
--- a/packages/web-util/src/utils/http-impl.browser.ts
+++ b/packages/web-util/src/utils/http-impl.browser.ts
@@ -33,6 +33,7 @@ import {
   getDefaultHeaders,
   encodeBody,
   DEFAULT_REQUEST_TIMEOUT_MS,
+  HttpLibArgs,
 } from "@gnu-taler/taler-util/http";
 
 const logger = new Logger("browserHttpLib");
@@ -44,6 +45,12 @@ const logger = new Logger("browserHttpLib");
 export class BrowserHttpLib implements HttpRequestLibrary {
   private throttle = new RequestThrottler();
   private throttlingEnabled = true;
+  private requireTls = false;
+
+  constructor(args?: HttpLibArgs) {
+    this.throttlingEnabled = args?.enableThrottling ?? true;
+    this.requireTls = args?.requireTls ?? false;
+  }
 
   fetch(
     requestUrl: string,
@@ -55,8 +62,8 @@ export class BrowserHttpLib implements HttpRequestLibrary {
     const requestTimeout =
       options?.timeout ?? Duration.fromMilliseconds(DEFAULT_REQUEST_TIMEOUT_MS);
 
+    const parsedUrl = new URL(requestUrl);
     if (this.throttlingEnabled && this.throttle.applyThrottle(requestUrl)) {
-      const parsedUrl = new URL(requestUrl);
       throw TalerError.fromDetail(
         TalerErrorCode.WALLET_HTTP_REQUEST_THROTTLED,
         {
@@ -67,6 +74,16 @@ export class BrowserHttpLib implements HttpRequestLibrary {
         `request to origin ${parsedUrl.origin} was throttled`,
       );
     }
+    if (this.requireTls && parsedUrl.protocol !== "https:") {
+      throw TalerError.fromDetail(
+        TalerErrorCode.WALLET_NETWORK_ERROR,
+        {
+          requestMethod: requestMethod,
+          requestUrl: requestUrl,
+        },
+        `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+      );
+    }
 
     let myBody: ArrayBuffer | undefined =
       requestMethod === "POST" || requestMethod === "PUT" || requestMethod === "PATCH"
diff --git a/packages/web-util/src/utils/http-impl.sw.ts b/packages/web-util/src/utils/http-impl.sw.ts
index 3c269e695..2ae4ccd86 100644
--- a/packages/web-util/src/utils/http-impl.sw.ts
+++ b/packages/web-util/src/utils/http-impl.sw.ts
@@ -27,6 +27,7 @@ import {
 import {
   DEFAULT_REQUEST_TIMEOUT_MS,
   Headers,
+  HttpLibArgs,
   HttpRequestLibrary,
   HttpRequestOptions,
   HttpResponse,
@@ -41,6 +42,12 @@ import {
 export class ServiceWorkerHttpLib implements HttpRequestLibrary {
   private throttle = new RequestThrottler();
   private throttlingEnabled = true;
+  private requireTls = false;
+
+  public constructor(args?: HttpLibArgs) {
+    this.throttlingEnabled = args?.enableThrottling ?? true;
+    this.requireTls = args?.requireTls ?? false;
+  }
 
   async fetch(
     requestUrl: string,
@@ -52,8 +59,8 @@ export class ServiceWorkerHttpLib implements HttpRequestLibrary {
     const requestTimeout =
       options?.timeout ?? Duration.fromMilliseconds(DEFAULT_REQUEST_TIMEOUT_MS);
 
+    const parsedUrl = new URL(requestUrl);
     if (this.throttlingEnabled && this.throttle.applyThrottle(requestUrl)) {
-      const parsedUrl = new URL(requestUrl);
       throw TalerError.fromDetail(
         TalerErrorCode.WALLET_HTTP_REQUEST_THROTTLED,
         {
@@ -64,6 +71,16 @@ export class ServiceWorkerHttpLib implements HttpRequestLibrary {
         `request to origin ${parsedUrl.origin} was throttled`,
       );
     }
+    if (this.requireTls && parsedUrl.protocol !== "https:") {
+      throw TalerError.fromDetail(
+        TalerErrorCode.WALLET_NETWORK_ERROR,
+        {
+          requestMethod: requestMethod,
+          requestUrl: requestUrl,
+        },
+        `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+      );
+    }
 
     let myBody: ArrayBuffer | undefined =
       requestMethod === "POST" ? encodeBody(requestBody) : undefined;