aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2017-02-13 03:28:36 +0100
committerFlorian Dold <florian.dold@gmail.com>2017-02-13 03:28:36 +0100
commitd143ba95000f0b03685583fb9442863b9270e5a9 (patch)
tree19a8217962e5fd9db610a846e838b20a604d211c /src
parent08d4a5b62532f867d3af67d8b8ad72921d02412a (diff)
downloadwallet-core-d143ba95000f0b03685583fb9442863b9270e5a9.tar.xz
check for contract freshness
Diffstat (limited to 'src')
-rw-r--r--src/content_scripts/notify.ts10
-rw-r--r--src/types.ts3
2 files changed, 11 insertions, 2 deletions
diff --git a/src/content_scripts/notify.ts b/src/content_scripts/notify.ts
index 10b988c43..d29e5913d 100644
--- a/src/content_scripts/notify.ts
+++ b/src/content_scripts/notify.ts
@@ -173,7 +173,9 @@ namespace TalerNotify {
(detail: any, sendResponse: (msg: any) => void): void;
}
- function downloadContract(url: string): Promise<any> {
+ function downloadContract(url: string, nonce: string): Promise<any> {
+ let parsed_url = URI(url);
+ url = parsed_url.setQuery({nonce}).href();
// FIXME: include and check nonce!
return new Promise((resolve, reject) => {
const contract_request = new XMLHttpRequest();
@@ -356,7 +358,11 @@ namespace TalerNotify {
return;
}
if (msg.contract_url) {
- let proposal = await downloadContract(msg.contract_url);
+ let nonce = Math.round(Math.random() * 0xFFFF).toString()
+ let proposal = await downloadContract(msg.contract_url, nonce);
+ if (proposal.data.nonce != nonce) {
+ console.error("stale contract");
+ }
await processProposal(proposal);
return;
}
diff --git a/src/types.ts b/src/types.ts
index ab50c7369..30e9b7856 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -444,6 +444,9 @@ export class Contract {
@Checkable.Optional(Checkable.String)
summary?: string;
+ @Checkable.Optional(Checkable.String)
+ nonce?: string;
+
@Checkable.Value(AmountJson)
amount: AmountJson;
generated by cgit v1.2.3 (git 2.26.2) at 2024-08-21 05:02:20 +0000