Security hardening for Try Cosmos DB connection string flow (#2500)

* Security hardening for Try Cosmos DB connection string flow

- Validate connection string format via parseConnectionString before accepting postMessage
- Restrict localhost:12900 in allowedHostedExplorerEndpoints to development builds only
- Export App component for testability with null-check on render target
- Add 12 unit tests covering origin validation, format validation, and message handling

* Fix HostedExplorer test mock types for compile

---------

Co-authored-by: Asier Isayas <aisayas@microsoft.com>
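The two checks the commit message describes, exact-origin allowlisting of the postMessage sender and a format check on the connection string before it is accepted, as an added example that is not Cosmos Explorer's own code. `isDevelopmentBuild` stands in for the build-time `NODE_ENV` substitution, and `parseConnectionString` here is a hypothetical stand-in for the project's function of that name; both are assumptions.

```typescript
// Assumed stand-in for process.env.NODE_ENV === "development" (substituted at bundle time).
const isDevelopmentBuild = false;

// Allowed sender origins. Origin form only: scheme://host[:port], no path, no trailing slash,
// because that is exactly what event.origin on a MessageEvent yields.
export const allowedHostedExplorerEndpoints: ReadonlyArray<string> = [
  "https://cosmos.azure.com",
  ...(isDevelopmentBuild ? ["https://localhost:12900"] : []),
];

// Exact match only. A startsWith/includes comparison would also accept origins that merely
// begin with an allowed value, so the comparison is deliberately full-string.
export function isAllowedOrigin(
  origin: string,
  allowed: ReadonlyArray<string> = allowedHostedExplorerEndpoints,
): boolean {
  return allowed.indexOf(origin) !== -1;
}

// Hypothetical format check for "AccountEndpoint=https://<host>[:port]/;AccountKey=<base64>;".
// Returns the parsed parts, or null when the string does not have that shape.
export function parseConnectionString(cs: string): { endpoint: string; key: string } | null {
  const parts: Record<string, string> = {};
  for (const segment of cs.split(";")) {
    if (segment === "") continue;            // tolerate the trailing ";"
    const eq = segment.indexOf("=");
    if (eq <= 0) return null;                // every segment must be key=value
    parts[segment.slice(0, eq)] = segment.slice(eq + 1); // first "=" only: keys end in "=="
  }
  const endpoint = parts["AccountEndpoint"];
  const key = parts["AccountKey"];
  if (!endpoint || !key) return null;
  if (!/^https:\/\/[A-Za-z0-9.-]+(:\d+)?\/?$/.test(endpoint)) return null; // https, host only
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(key)) return null;                  // base64 shape
  return { endpoint, key };
}

// Message handler: the payload is accepted only if the origin is allowlisted AND the
// connection string parses; any other message is dropped (null) without side effects.
export function handleConnectionStringMessage(event: {
  origin: string;
  data: unknown;
}): { endpoint: string; key: string } | null {
  if (!isAllowedOrigin(event.origin)) return null;
  if (typeof event.data !== "object" || event.data === null) return null;
  const cs = (event.data as { connectionString?: unknown }).connectionString;
  if (typeof cs !== "string") return null;
  return parseConnectionString(cs);
}
```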
asier-isayas
2026-05-26 13:46:33 -04:00
committed by GitHub
parent 7295d63aaf
commit 5ee2ca37d5
3 changed files with 259 additions and 4 deletions
@@ -85,7 +85,7 @@ export const allowedArcadiaEndpoints: ReadonlyArray<string> = ["https://workspac
export const allowedHostedExplorerEndpoints: ReadonlyArray<string> = [
"https://cosmos.azure.com",
"https://localhost:12900",
...(process.env.NODE_ENV === "development" ? ["https://localhost:12900"] : []),
];
export const allowedMsalRedirectEndpoints: ReadonlyArray<string> = ["https://dataexplorer-preview.azurewebsites.net/"];
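Review bot: the localhost entry now hinges on `process.env.NODE_ENV === "development"` being substituted at bundle time, so a build with NODE_ENV unset or set to anything else (including "test") silently drops it; that is the safe direction, but a one-line comment above the spread should say so, otherwise a later edit could flip the condition to `!== "production"` and reintroduce localhost in every non-production bundle. The same comment should state that entries in this list are origin-form (scheme://host[:port], no trailing slash), which is what `event.origin` yields, so nobody adds a slash- or path-bearing URL like the `allowedMsalRedirectEndpoints` entry directly below, which would never satisfy an exact origin comparison.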