Fix build and move allowedParentOrigins back to ConfigContext

src/ConfigContext.ts

@@ -20,6 +20,7 @@ export enum Platform {
 
 export interface ConfigContext {
   platform: Platform;
+  allowedParentFrameOrigins: ReadonlyArray<string>;
   gitSha?: string;
   proxyPath?: string;
   AAD_ENDPOINT: string;
@@ -47,7 +48,14 @@ export interface ConfigContext {
 // Default configuration
 let configContext: Readonly<ConfigContext> = {
   platform: Platform.Portal,
-  // Webpack injects this at build time
+  allowedParentFrameOrigins: [
+    `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
+    `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
+    `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure.de$`,
+    `^https:\\/\\/[\\.\\w]*ext\\.azure\\.(com|cn|us)$`,
+    `^https:\\/\\/[\\.\\w]*\\.ext\\.microsoftazure\\.de$`,
+    `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$`,
+  ], // Webpack injects this at build time
   gitSha: process.env.GIT_SHA,
   hostedExplorerURL: "https://cosmos.azure.com/",
   AAD_ENDPOINT: "https://login.microsoftonline.com/",

src/Juno/JunoClient.ts

@@ -1,5 +1,5 @@
 import ko from "knockout";
-import { validateEndpoint } from "Utils/EndpointValidation";
+import { allowedJunoOrigins, validateEndpoint } from "Utils/EndpointValidation";
 import { GetGithubClientId } from "Utils/GitHubUtils";
 import { HttpHeaders, HttpStatusCodes } from "../Common/Constants";
 import { configContext } from "../ConfigContext";
@@ -485,7 +485,7 @@ export class JunoClient {
   // public for tests
   public static getJunoEndpoint(): string {
     const junoEndpoint = userContext.features.junoEndpoint ?? configContext.JUNO_ENDPOINT;
-    if (!validateEndpoint(junoEndpoint, configContext.allowedJunoOrigins)) {
+    if (!validateEndpoint(junoEndpoint, allowedJunoOrigins)) {
       const error = `${junoEndpoint} not allowed as juno endpoint`;
       console.error(error);
       throw new Error(error);

src/Phoenix/PhoenixClient.ts

@@ -1,6 +1,6 @@
 import promiseRetry, { AbortError } from "p-retry";
 import { Action } from "Shared/Telemetry/TelemetryConstants";
-import { validateEndpoint } from "Utils/EndpointValidation";
+import { allowedJunoOrigins, validateEndpoint } from "Utils/EndpointValidation";
 import {
   Areas,
   ConnectionStatusType,
@@ -155,7 +155,7 @@ export class PhoenixClient {
   public static getPhoenixEndpoint(): string {
     const phoenixEndpoint =
       userContext.features.phoenixEndpoint ?? userContext.features.junoEndpoint ?? configContext.JUNO_ENDPOINT;
-    if (!validateEndpoint(phoenixEndpoint, configContext.allowedJunoOrigins)) {
+    if (!validateEndpoint(phoenixEndpoint, allowedJunoOrigins)) {
       const error = `${phoenixEndpoint} not allowed as juno endpoint`;
       console.error(error);
       throw new Error(error);

src/Utils/EndpointValidation.ts

@@ -71,15 +71,6 @@ export const allowedMsalRedirectEndpoints: ReadonlyArray<string> = [
   "https://cosmos-explorer-preview.azurewebsites.net/",
 ];
 
-export const allowedParentFrameOrigins: ReadonlyArray<string> = [
-  `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
-  `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
-  `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure.de$`,
-  `^https:\\/\\/[\\.\\w]*ext\\.azure\\.(com|cn|us)$`,
-  `^https:\\/\\/[\\.\\w]*\\.ext\\.microsoftazure\\.de$`,
-  `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$`,
-];
-
 export const allowedJunoOrigins: ReadonlyArray<string> = [
   JunoEndpoints.Test,
   JunoEndpoints.Test2,

src/Utils/MessageValidation.ts

@@ -1,7 +1,7 @@
-import { allowedParentFrameOrigins } from "Utils/EndpointValidation";
+import { configContext } from "../ConfigContext";
 
 export function isInvalidParentFrameOrigin(event: MessageEvent): boolean {
-  return !isValidOrigin(allowedParentFrameOrigins, event);
+  return !isValidOrigin(configContext.allowedParentFrameOrigins, event);
 }
 
 function isValidOrigin(allowedOrigins: ReadonlyArray<string>, event: MessageEvent): boolean {