This repository has been archived by the owner on Apr 11, 2024. It is now read-only.

Fix host origin allowlist
developit authored Jul 24, 2023
1 parent 52976cf commit f7697f4
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion lib/utils/shop-validator.ts
Expand Up @@ -33,7 +33,8 @@ export function sanitizeHost(config: ConfigInterface) {
let sanitizedHost = base64regex.test(host) ? host : null;
if (sanitizedHost) {
const url = new URL(`https://${decodeHost(sanitizedHost)}`);
if (!sanitizeShop(config)(url.hostname, false)) {
// allow-list of origins
if (!/\.((my)?shopify\.com|myshopify\.io|spin\.dev)$/.test(url.hostname)) {

Check failure on line 37 in lib/utils/shop-validator.ts

GitHub Actions / CI_Node_14, CI_Node_16, CI_Node_18, CI_Node_20

Replace `!/\.((my)?shopify\.com|myshopify\.io|spin\.dev)$/.test(url.hostname)` with `⏎········!/\.((my)?shopify\.com|myshopify\.io|spin\.dev)$/.test(url.hostname)⏎······`

sanitizedHost = null;
}
}
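
Review bot: The new `if` under the `// allow-list of origins` comment no longer passes `config` to anything, so whatever `sanitizeShop(config)` accepted from configuration is replaced by a fixed pattern, `/\.((my)?shopify\.com|myshopify\.io|spin\.dev)$/`, that accepts every subdomain of four hard-coded domains. Consider moving the pattern to a named constant with a comment saying why each domain is trusted, and adding tests for hosts that must pass and hosts that must fail. The check also reads `url.hostname` while `sanitizedHost` keeps the original encoded `host`, so anything in the decoded value beyond the hostname is not covered by this test; comparing the decoded string against `url.host` would close that gap. The line fails the formatter in CI (line 37) and needs wrapping as the annotation suggests.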
