author | Florian Dold <florian.dold@gmail.com> | 2018-02-07 16:15:40 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2018-02-07 16:15:40 +0100 |
commit | f1bef0473bf5e3f2661dd6ba82f6350164ff69ab (patch) | |
tree | 528f0125de466c6cb2fd64b8be71700c29f86e1e /src/webex/wxBackend.ts | |
parent | 9b0cd71a4dea13fa80c69d0ff8644e3a77c34874 (diff) | |
prevent embedding wallet pages in other web pages
Diffstat (limited to 'src/webex/wxBackend.ts')
-rw-r--r-- | src/webex/wxBackend.ts | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/src/webex/wxBackend.ts b/src/webex/wxBackend.ts
index a778cc986..f1116637d 100644
--- a/src/webex/wxBackend.ts
+++ b/src/webex/wxBackend.ts
@@ -449,6 +449,21 @@ async function talerPay(fields: any, url: string, tabId: number): Promise<string
 }
+function makeSyncWalletRedirect(url: string, params?: {[name: string]: string | undefined}): object {
+ const innerUrl = new URI(chrome.extension.getURL("/src/webex/pages/" + url));
+ if (params) {
+ for (const key in params) {
+ if (params[key]) {
+ innerUrl.addSearch(key, params[key]);
+ }
+ }
+ }
+ const outerUrl = new URI(chrome.extension.getURL("/src/webex/pages/redirect.html"));
+ outerUrl.addSearch("url", innerUrl);
+ return { redirectUrl: outerUrl.href() };
+}
+
+
 /**
 * Handle a HTTP response that has the "402 Payment Required" status.
 * In this callback we don't have access to the body, and must communicate via
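Review bot: makeSyncWalletRedirect passes the real destination to redirect.html in the `url` query parameter, and nothing in this diff shows that page validating the value before it navigates. redirect.html is not part of this commit, so this is inferred, but if it follows `url` unconditionally it should first confirm the value starts with `chrome.extension.getURL("/src/webex/pages/")` and ignore anything else. Without that check, the page meant to stop embedding becomes a general-purpose redirector for any site that can link to it. The helper should also carry a doc comment saying why the redirect goes through an outer page, for example `/** Build a webRequest redirect that goes through redirect.html so the target wallet page is never loaded directly inside a frame of the requesting site. */`. Passing the string explicitly with `outerUrl.addSearch("url", innerUrl.href());` would avoid relying on implicit conversion of the URI object.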
@@ -497,30 +512,22 @@ function handleHttpPayment(headerList: chrome.webRequest.HttpHeader[], url: stri
 }
 // Synchronous fast path for new contract
 if (fields.contract_url) {
- const uri = new URI(chrome.extension.getURL("/src/webex/pages/confirm-contract.html"));
- uri.addSearch("contractUrl", fields.contract_url);
- if (fields.session_id) {
- uri.addSearch("sessionId", fields.session_id);
- }
- if (fields.resource_url) {
- uri.addSearch("resourceUrl", fields.resource_url);
- }
- return { redirectUrl: uri.href() };
+ return makeSyncWalletRedirect("confirm-contract.html", {
+ contractUrl: fields.contract_url,
+ sessionId: fields.session_id,
+ resourceUrl: fields.resource_url,
+ });
 }
 // Synchronous fast path for tip
 if (fields.tip) {
- const uri = new URI(chrome.extension.getURL("/src/webex/pages/tip.html"));
- uri.query({ tip_token: fields.tip });
- return { redirectUrl: uri.href() };
+ return makeSyncWalletRedirect("tip.html", { tip_token: fields.tip });
 }
 // Synchronous fast path for refund
 if (fields.refund_url) {
 console.log("processing refund");
- const uri = new URI(chrome.extension.getURL("/src/webex/pages/refund.html"));
- uri.query({ refundUrl: fields.refund_url });
- return { redirectUrl: uri.href() };
+ return makeSyncWalletRedirect("refund.html", { refundUrl: fields.refund_url });
 }
 // We need to do some asynchronous operation, we can't directly redirect |
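Review bot: The three fast paths forward `fields.contract_url`, `fields.resource_url` and `fields.refund_url` into wallet page parameters with no check on their form. These values appear to come from the response headers in `headerList`, which the responding site controls, though the parsing of `fields` lies outside this hunk. Query encoding is handled by `addSearch`, but the scheme is not constrained; consider rejecting anything that is not `http:` or `https:` before building the redirect, or add a comment stating that confirm-contract.html and refund.html validate the value themselves. The body of handleHttpPayment starts and ends outside the hunk, so an earlier check may already exist.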