diff options
author | Sebastian <sebasjm@gmail.com> | 2024-01-15 17:34:19 -0300 |
---|---|---|
committer | Sebastian <sebasjm@gmail.com> | 2024-01-15 17:36:48 -0300 |
commit | 2e2cf4049a771c82fcc520686de3ace7603baa05 (patch) | |
tree | 620ab22d4fc0f621d0a574c8f98d1c49f1d67804 /packages/web-util | |
parent | ef0bb60f23c0c755814f648b8d71a29a843e066c (diff) | |
download | wallet-core-2e2cf4049a771c82fcc520686de3ace7603baa05.tar.xz |
fixes #8083
Diffstat (limited to 'packages/web-util')
-rw-r--r-- | packages/web-util/src/utils/http-impl.browser.ts | 19 | ||||
-rw-r--r-- | packages/web-util/src/utils/http-impl.sw.ts | 19 |
2 files changed, 36 insertions, 2 deletions
diff --git a/packages/web-util/src/utils/http-impl.browser.ts b/packages/web-util/src/utils/http-impl.browser.ts index 18140ef13..5d65c3903 100644 --- a/packages/web-util/src/utils/http-impl.browser.ts +++ b/packages/web-util/src/utils/http-impl.browser.ts @@ -33,6 +33,7 @@ import { getDefaultHeaders, encodeBody, DEFAULT_REQUEST_TIMEOUT_MS, + HttpLibArgs, } from "@gnu-taler/taler-util/http"; const logger = new Logger("browserHttpLib"); @@ -44,6 +45,12 @@ const logger = new Logger("browserHttpLib"); export class BrowserHttpLib implements HttpRequestLibrary { private throttle = new RequestThrottler(); private throttlingEnabled = true; + private requireTls = false; + + constructor(args?: HttpLibArgs) { + this.throttlingEnabled = args?.enableThrottling ?? true; + this.requireTls = args?.requireTls ?? false; + } fetch( requestUrl: string, @@ -55,8 +62,8 @@ export class BrowserHttpLib implements HttpRequestLibrary { const requestTimeout = options?.timeout ?? Duration.fromMilliseconds(DEFAULT_REQUEST_TIMEOUT_MS); + const parsedUrl = new URL(requestUrl); if (this.throttlingEnabled && this.throttle.applyThrottle(requestUrl)) { - const parsedUrl = new URL(requestUrl); throw TalerError.fromDetail( TalerErrorCode.WALLET_HTTP_REQUEST_THROTTLED, { @@ -67,6 +74,16 @@ export class BrowserHttpLib implements HttpRequestLibrary { `request to origin ${parsedUrl.origin} was throttled`, ); } + if (this.requireTls && parsedUrl.protocol !== "https:") { + throw TalerError.fromDetail( + TalerErrorCode.WALLET_NETWORK_ERROR, + { + requestMethod: requestMethod, + requestUrl: requestUrl, + }, + `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`, + ); + } let myBody: ArrayBuffer | undefined = requestMethod === "POST" || requestMethod === "PUT" || requestMethod === "PATCH" diff --git a/packages/web-util/src/utils/http-impl.sw.ts b/packages/web-util/src/utils/http-impl.sw.ts index 3c269e695..2ae4ccd86 100644 --- a/packages/web-util/src/utils/http-impl.sw.ts +++ b/packages/web-util/src/utils/http-impl.sw.ts @@ -27,6 +27,7 @@ import { import { DEFAULT_REQUEST_TIMEOUT_MS, Headers, + HttpLibArgs, HttpRequestLibrary, HttpRequestOptions, HttpResponse, @@ -41,6 +42,12 @@ import { export class ServiceWorkerHttpLib implements HttpRequestLibrary { private throttle = new RequestThrottler(); private throttlingEnabled = true; + private requireTls = false; + + public constructor(args?: HttpLibArgs) { + this.throttlingEnabled = args?.enableThrottling ?? true; + this.requireTls = args?.requireTls ?? false; + } async fetch( requestUrl: string, @@ -52,8 +59,8 @@ export class ServiceWorkerHttpLib implements HttpRequestLibrary { const requestTimeout = options?.timeout ?? Duration.fromMilliseconds(DEFAULT_REQUEST_TIMEOUT_MS); + const parsedUrl = new URL(requestUrl); if (this.throttlingEnabled && this.throttle.applyThrottle(requestUrl)) { - const parsedUrl = new URL(requestUrl); throw TalerError.fromDetail( TalerErrorCode.WALLET_HTTP_REQUEST_THROTTLED, { @@ -64,6 +71,16 @@ export class ServiceWorkerHttpLib implements HttpRequestLibrary { `request to origin ${parsedUrl.origin} was throttled`, ); } + if (this.requireTls && parsedUrl.protocol !== "https:") { + throw TalerError.fromDetail( + TalerErrorCode.WALLET_NETWORK_ERROR, + { + requestMethod: requestMethod, + requestUrl: requestUrl, + }, + `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`, + ); + } let myBody: ArrayBuffer | undefined = requestMethod === "POST" ? encodeBody(requestBody) : undefined; |