Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F33313872
D12106.1768819948.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
2 KB
Referenced Files
None
Subscribers
None
D12106.1768819948.diff
View Options
diff --git a/services/identity/src/config.rs b/services/identity/src/config.rs
--- a/services/identity/src/config.rs
+++ b/services/identity/src/config.rs
@@ -9,10 +9,11 @@
use url::Url;
use crate::constants::{
- cors::ALLOW_ORIGIN_LIST, DEFAULT_OPENSEARCH_ENDPOINT,
- DEFAULT_TUNNELBROKER_ENDPOINT, KEYSERVER_PUBLIC_KEY, LOCALSTACK_ENDPOINT,
- OPAQUE_SERVER_SETUP, OPENSEARCH_ENDPOINT, SECRETS_DIRECTORY,
- SECRETS_SETUP_FILE, TUNNELBROKER_GRPC_ENDPOINT,
+ cors::ALLOW_ORIGIN_LIST, cors::PROD_ORIGIN_HOST_STR,
+ DEFAULT_OPENSEARCH_ENDPOINT, DEFAULT_TUNNELBROKER_ENDPOINT,
+ KEYSERVER_PUBLIC_KEY, LOCALSTACK_ENDPOINT, OPAQUE_SERVER_SETUP,
+ OPENSEARCH_ENDPOINT, SECRETS_DIRECTORY, SECRETS_SETUP_FILE,
+ TUNNELBROKER_GRPC_ENDPOINT,
};
/// Raw CLI arguments, should be only used internally to create ServerConfig
@@ -208,9 +209,12 @@
if !matches!(url.scheme(), "http" | "https") {
return Err(Error::InvalidOrigin(InvalidOriginError::InvalidScheme));
};
- if url.host_str().is_none() {
+ let Some(host_str) = url.host_str() else {
return Err(Error::InvalidOrigin(InvalidOriginError::MissingHost));
};
+ if host_str == PROD_ORIGIN_HOST_STR {
+ return Ok(());
+ }
if url.port().is_none() {
return Err(Error::InvalidOrigin(InvalidOriginError::MissingPort));
};
@@ -248,9 +252,19 @@
);
}
+ #[test]
+ fn test_valid_origin_missing_port() {
+ // If the host is web.comm.app, we do not require a port
+ let valid_origin = "https://web.comm.app";
+ assert!(
+ validate_origin(valid_origin).is_ok(),
+ "Expected origin missing port to be valid"
+ );
+ }
+
#[test]
fn test_invalid_origin_missing_port() {
- // We require that the port always be specified in origins
+ // If the host is not web.comm.app, we require a port
let invalid_origin = "http://localhost";
assert!(
validate_origin(invalid_origin).is_err(),
diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -254,6 +254,8 @@
super::request_metadata::ACCESS_TOKEN,
];
pub const ALLOW_ORIGIN_LIST: &str = "ALLOW_ORIGIN_LIST";
+
+ pub const PROD_ORIGIN_HOST_STR: &str = "web.comm.app";
}
// Tracing
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Mon, Jan 19, 10:52 AM (15 h, 20 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5955989
Default Alt Text
D12106.1768819948.diff (2 KB)
Attached To
Mode
D12106: [identity] fix origin validation logic
Attached
Detach File
Event Timeline
Log In to Comment