From b4973e83675e9e6837795509d4ba45b3d0653ba2 Mon Sep 17 00:00:00 2001
From: vchske <chskelt@microsoft.com>
Date: Wed, 4 Sep 2024 11:35:32 -0700
Subject: [PATCH] Fixing regex on allowedParentFrameOrigins to address XSS
 (#1956)

---
 src/ConfigContext.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ConfigContext.ts b/src/ConfigContext.ts
index 6d15a8a0f..f202602e9 100644
--- a/src/ConfigContext.ts
+++ b/src/ConfigContext.ts
@@ -87,7 +87,7 @@ let configContext: Readonly<ConfigContext> = {
     `^https:\\/\\/.*\\.analysis-df\\.net$`,
     `^https:\\/\\/.*\\.analysis-df\\.windows\\.net$`,
     `^https:\\/\\/.*\\.azure-test\\.net$`,
-    `^https:\\/\\/cosmos-explorer-preview\\.azurewebsites\\.net`,
+    `^https:\\/\\/cosmos-explorer-preview\\.azurewebsites\\.net$`,
   ], // Webpack injects this at build time
   gitSha: process.env.GIT_SHA,
   hostedExplorerURL: "https://cosmos.azure.com/",