author | Florian Dold <florian.dold@gmail.com> | 2017-02-13 03:28:36 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2017-02-13 03:28:36 +0100 |
commit | d143ba95000f0b03685583fb9442863b9270e5a9 (patch) | |
tree | 19a8217962e5fd9db610a846e838b20a604d211c /src | |
parent | 08d4a5b62532f867d3af67d8b8ad72921d02412a (diff) | |
download | wallet-core-d143ba95000f0b03685583fb9442863b9270e5a9.tar.xz |
check for contract freshness
Diffstat (limited to 'src')
-rw-r--r-- | src/content_scripts/notify.ts | 10 | ||||
-rw-r--r-- | src/types.ts | 3 |
2 files changed, 11 insertions, 2 deletions
diff --git a/src/content_scripts/notify.ts b/src/content_scripts/notify.ts
index 10b988c43..d29e5913d 100644
--- a/src/content_scripts/notify.ts
+++ b/src/content_scripts/notify.ts
@@ -173,7 +173,9 @@ namespace TalerNotify {
 (detail: any, sendResponse: (msg: any) => void): void;
 }
- function downloadContract(url: string): Promise<any> {
+ function downloadContract(url: string, nonce: string): Promise<any> {
+ let parsed_url = URI(url);
+ url = parsed_url.setQuery({nonce}).href();
 // FIXME: include and check nonce!
 return new Promise((resolve, reject) => {
 const contract_request = new XMLHttpRequest();
@@ -356,7 +358,11 @@ namespace TalerNotify {
 return;
 }
 if (msg.contract_url) {
- let proposal = await downloadContract(msg.contract_url);
+ let nonce = Math.round(Math.random() * 0xFFFF).toString()
+ let proposal = await downloadContract(msg.contract_url, nonce);
+ if (proposal.data.nonce != nonce) {
+ console.error("stale contract");
+ }
 await processProposal(proposal);
 return;
 }
diff --git a/src/types.ts b/src/types.ts
index ab50c7369..30e9b7856 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -444,6 +444,9 @@ export class Contract {
 @Checkable.Optional(Checkable.String)
 summary?: string;
+ @Checkable.Optional(Checkable.String)
+ nonce?: string;
+
 @Checkable.Value(AmountJson)
 amount: AmountJson; |
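Review bot: The `// FIXME: include and check nonce!` comment left under the new `setQuery` lines in `downloadContract` (src/content_scripts/notify.ts, first hunk) is now half-stale, since the nonce is included here and the comparison is done by the caller. I would replace it with something like `// nonce is sent as a query parameter; the caller compares it with proposal.data.nonce`. It is also worth a comment that `setQuery` overwrites a `nonce` parameter already present in the merchant-supplied URL, and a new `const` would read more clearly than reassigning the `url` parameter. The function body continues outside the hunk.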
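Review bot: In the `msg.contract_url` branch (src/content_scripts/notify.ts, second hunk) a nonce mismatch only logs "stale contract" and then falls through to `await processProposal(proposal);`, so the freshness check never stops a stale or replayed contract from being processed; add `return;` after the `console.error(...)` line, and ideally report the failure to the user. The nonce is `Math.round(Math.random() * 0xFFFF)`, at most 16 bits from a non-cryptographic generator, so an old contract matches by chance about once in 65536 tries and the value is guessable; a wider value filled by `crypto.getRandomValues` is the usual choice for a freshness token. Because `nonce` is declared optional on `Contract` in src/types.ts, a merchant response that omits it takes the same log-only path, and `!==` would make the string comparison explicit. The enclosing handler starts and ends outside the hunk.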