diff --git a/src/ConfigContext.ts b/src/ConfigContext.ts
index 85524f540..d63301a61 100644
--- a/src/ConfigContext.ts
+++ b/src/ConfigContext.ts
@@ -20,6 +20,7 @@ export enum Platform {
 
 export interface ConfigContext {
   platform: Platform;
+  allowedParentFrameOrigins: ReadonlyArray;
   gitSha?: string;
   proxyPath?: string;
   AAD_ENDPOINT: string;
@@ -47,7 +48,14 @@ export interface ConfigContext {
 // Default configuration
 let configContext: Readonly = {
   platform: Platform.Portal,
-  // Webpack injects this at build time
+  allowedParentFrameOrigins: [
+    `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
+    `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
+    `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure.de$`,
+    `^https:\\/\\/[\\.\\w]*ext\\.azure\\.(com|cn|us)$`,
+    `^https:\\/\\/[\\.\\w]*\\.ext\\.microsoftazure\\.de$`,
+    `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$`,
+  ], // Webpack injects this at build time
   gitSha: process.env.GIT_SHA,
   hostedExplorerURL: "https://cosmos.azure.com/",
   AAD_ENDPOINT: "https://login.microsoftonline.com/",
diff --git a/src/Juno/JunoClient.ts b/src/Juno/JunoClient.ts
index e135d7a4a..8296500cc 100644
--- a/src/Juno/JunoClient.ts
+++ b/src/Juno/JunoClient.ts
@@ -1,5 +1,5 @@
 import ko from "knockout";
-import { validateEndpoint } from "Utils/EndpointValidation";
+import { allowedJunoOrigins, validateEndpoint } from "Utils/EndpointValidation";
 import { GetGithubClientId } from "Utils/GitHubUtils";
 import { HttpHeaders, HttpStatusCodes } from "../Common/Constants";
 import { configContext } from "../ConfigContext";
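Review bot: Two of the default `allowedParentFrameOrigins` patterns in the `let configContext` literal leave dots unescaped — the `.de` in `portal\\.microsoftazure.de$` and every dot in `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$` — so `.` matches any character there and those entries accept more origins than the other four, which escape each dot; the fixed sources are `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure\\.de$` and `^https://cosmos-db-dataexplorer-germanycentral\\.azurewebsites\\.de$`. The `// Webpack injects this at build time` comment now hangs off the closing `],` of the array, where it reads as describing the allowlist; it belongs on its own line above `gitSha: process.env.GIT_SHA,` as before. Moving the list from a module constant into `configContext` (declared with `let`) makes the parent-frame origin check runtime-configurable, and this hunk does not show what else can assign or merge into `configContext`; a one-line comment on the new interface field in the first hunk, `// Regex sources matched against event.origin of parent-frame messages; security-relevant, never merge from untrusted input`, would record that intent for whoever touches the update path.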
@@ -485,7 +485,7 @@ export class JunoClient {
   // public for tests
   public static getJunoEndpoint(): string {
     const junoEndpoint = userContext.features.junoEndpoint ?? configContext.JUNO_ENDPOINT;
-    if (!validateEndpoint(junoEndpoint, configContext.allowedJunoOrigins)) {
+    if (!validateEndpoint(junoEndpoint, allowedJunoOrigins)) {
       const error = `${junoEndpoint} not allowed as juno endpoint`;
       console.error(error);
       throw new Error(error);
diff --git a/src/Phoenix/PhoenixClient.ts b/src/Phoenix/PhoenixClient.ts
index 1c1f9d6b1..e703f48e5 100644
--- a/src/Phoenix/PhoenixClient.ts
+++ b/src/Phoenix/PhoenixClient.ts
@@ -1,6 +1,6 @@
 import promiseRetry, { AbortError } from "p-retry";
 import { Action } from "Shared/Telemetry/TelemetryConstants";
-import { validateEndpoint } from "Utils/EndpointValidation";
+import { allowedJunoOrigins, validateEndpoint } from "Utils/EndpointValidation";
 import {
   Areas,
   ConnectionStatusType,
@@ -155,7 +155,7 @@ export class PhoenixClient {
   public static getPhoenixEndpoint(): string {
     const phoenixEndpoint =
       userContext.features.phoenixEndpoint ?? userContext.features.junoEndpoint ?? configContext.JUNO_ENDPOINT;
-    if (!validateEndpoint(phoenixEndpoint, configContext.allowedJunoOrigins)) {
+    if (!validateEndpoint(phoenixEndpoint, allowedJunoOrigins)) {
       const error = `${phoenixEndpoint} not allowed as juno endpoint`;
       console.error(error);
       throw new Error(error);
diff --git a/src/Utils/EndpointValidation.ts b/src/Utils/EndpointValidation.ts
index f9c13599f..0e3479d97 100644
--- a/src/Utils/EndpointValidation.ts
+++ b/src/Utils/EndpointValidation.ts
@@ -71,15 +71,6 @@ export const allowedMsalRedirectEndpoints: ReadonlyArray = [
   "https://cosmos-explorer-preview.azurewebsites.net/",
 ];
 
-export const allowedParentFrameOrigins: ReadonlyArray = [
-  `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
-  `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
-  `^https:\\/\\/[\\.\\w]*portal\\.microsoftazure.de$`,
-  `^https:\\/\\/[\\.\\w]*ext\\.azure\\.(com|cn|us)$`,
-  `^https:\\/\\/[\\.\\w]*\\.ext\\.microsoftazure\\.de$`,
-  `^https://cosmos-db-dataexplorer-germanycentral.azurewebsites.de$`,
-];
-
 export const allowedJunoOrigins: ReadonlyArray = [
   JunoEndpoints.Test,
   JunoEndpoints.Test2,
diff --git a/src/Utils/MessageValidation.ts b/src/Utils/MessageValidation.ts
index fa601755f..891c06369 100644
--- a/src/Utils/MessageValidation.ts
+++ b/src/Utils/MessageValidation.ts
@@ -1,7 +1,7 @@
-import { allowedParentFrameOrigins } from "Utils/EndpointValidation";
+import { configContext } from "../ConfigContext";
 
 export function isInvalidParentFrameOrigin(event: MessageEvent): boolean {
-  return !isValidOrigin(allowedParentFrameOrigins, event);
+  return !isValidOrigin(configContext.allowedParentFrameOrigins, event);
 }
 
 function isValidOrigin(allowedOrigins: ReadonlyArray, event: MessageEvent): boolean {
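Review bot: `isInvalidParentFrameOrigin` now reads `configContext.allowedParentFrameOrigins` on every call instead of a module constant, so the parent-frame origin check follows whatever that field holds at the moment a message arrives; `configContext` is a `let` binding in ConfigContext.ts and this hunk does not show its update path, so it is worth confirming that nothing reachable from a message or URL parameter can replace or extend that list. The exported function has no doc comment and the entries it passes along look like regex sources (they carry `^`, `$` and escaped dots) rather than literal origins, which is easy to get wrong when someone overrides the default; I would add `/** True when event.origin is not accepted by any entry of configContext.allowedParentFrameOrigins (regex sources; defaults live in ConfigContext.ts). */` above it. The body of `isValidOrigin` lies past the end of the hunk, so how the strings are compiled and matched is not visible here.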