HomePhabricator
Diffusion Comm 7001e487e341

[tunnelbroker] disallow windows device tokens that don't contain the correct…
7001e487e341
Actions

Description

[tunnelbroker] disallow windows device tokens that don't contain the correct domain

Summary:
the device token should be a valid URL and should contain the correct domain. per the docs:

It is important that the cloud service always ensures that the channel URI uses the domain "notify.windows.com". The service should never push notifications to a channel on any other domain. If the callback for your app is ever compromised, a malicious attacker could submit a channel URI to spoof WNS. Without inspecting the domain, your cloud service could potentially disclose information to this attacker unknowingly. The subdomain of the channel URI is subject to change and should not be considered when validating the channel URI.

Depends on D13020

Test Plan: tried to send an invalid windows device token and it was rejected, verified that it wasn't in DDB

Reviewers: bartek, kamil

Reviewed By: bartek, kamil

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D13022

Details

Provenance
varunAuthored on Aug 7 2024, 4:05 PM
Reviewer
bartek
Differential Revision
D13022: [tunnelbroker] disallow windows device tokens that don't contain the correct domain
Parents
rCOMM249f1d9e48c5: [terraform] configure personal ip address through script and not allowed_ips var
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
desktop/
src/
lib/
reducers/
services/
tunnelbroker/
src/
websockets/

rCOMM7001e487e341

View Options

desktop/src/push-notifications.js

Loading...
View Options

lib/reducers/tunnelbroker-device-token-reducer.js

Loading...
View Options

services/tunnelbroker/src/websockets/session.rs

Loading...