From f6e080221ee49788a5a76cd8f59b7c95032fb97a Mon Sep 17 00:00:00 2001 From: Maxx Crawford Date: Thu, 22 Apr 2021 16:07:16 -0500 Subject: [PATCH] Fix #708 - Add logic to open PayPal inside the Facebook Contain when opened from Facebook Donate pages --- src/background.js | 47 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 11 deletions(-) diff --git a/src/background.js b/src/background.js index 71bfb0005..cac491d88 100644 --- a/src/background.js +++ b/src/background.js @@ -245,7 +245,7 @@ async function maybeReopenTab (url, tab, request) { // We don't reopen MAC assigned urls return; } - const cookieStoreId = await shouldContainInto(url, tab); + const cookieStoreId = await shouldContainInto(url, tab, request); if (!cookieStoreId) { // Tab doesn't need to be contained return; @@ -289,17 +289,16 @@ function getRootDomain(url) { } -function topFrameUrlIsFacebookApps(frameAncestorsArray) { - if (!frameAncestorsArray || frameAncestorsArray.length === 0) { +function topFrameUrlMatcher(frameAncestorsArray, allowedDomain) { + if (!frameAncestorsArray || !allowedDomain || frameAncestorsArray.length === 0) { // No frame ancestor return false return false; } - const appsFacebookURL = "https://apps.facebook.com"; const frameAncestorsURL = frameAncestorsArray[0].url; - if (!frameAncestorsURL.startsWith(appsFacebookURL)) { - // Only allow frame ancestors that originate from apps.facebook.com + if (!frameAncestorsURL.startsWith(allowedDomain)) { + // Only allow frame ancestors that originate from matched URL return false; } @@ -316,6 +315,18 @@ function isFacebookURL (url) { return false; } +function isPayPalURL (url) { + // TODO: Determine if we need to limit to just www, or wildecard the subdomain + // Test for any URLs that match paypalobjects.com or paypal.com + const parsedUrl = new URL(url); + const payPalRegex = new RegExp("^(.*\\.)?paypal.com$"); + const payPalObjectsRegex = new RegExp("^(.*\\.)?paypalobjects.com$"); + if (payPalRegex.test(parsedUrl.host) || payPalObjectsRegex.test(parsedUrl.host)) { + return true; + } + return false; +} + // TODO: refactor parsedUrl "up" so new URL doesn't have to be called so much // TODO: refactor fbcStorage "up" so browser.storage.local.get doesn't have to be called so much async function addDomainToFacebookContainer (url) { @@ -341,7 +352,7 @@ async function isAddedToFacebookContainer (url) { return false; } -async function shouldContainInto (url, tab) { +async function shouldContainInto (url, tab, request) { if (!url.startsWith("http")) { // we only handle URLs starting with http(s) return false; @@ -349,7 +360,10 @@ async function shouldContainInto (url, tab) { const hasBeenAddedToFacebookContainer = await isAddedToFacebookContainer(url); - if (isFacebookURL(url) || hasBeenAddedToFacebookContainer) { + // Github #708 - This logic allows payment services opened from Facebook to stay inside Facebook Container + const frameAncestorUrlIsFacebookDonate = topFrameUrlMatcher(request.originUrl, "https://facebook.com/donate"); + + if (isFacebookURL(url) || hasBeenAddedToFacebookContainer || frameAncestorUrlIsFacebookDonate) { if (tab.cookieStoreId !== facebookCookieStoreId) { // Facebook-URL outside of Facebook Container Tab // Should contain into Facebook Container @@ -523,8 +537,10 @@ async function blockFacebookSubResources (requestDetails) { } const urlIsFacebook = isFacebookURL(requestDetails.url); - // If this request isn't going to Facebook, let's return {} ASAP - if (!urlIsFacebook) { + const urlIsPayPal = isPayPalURL(requestDetails.url); + + // If this request isn't going to Facebook or PayPal, let's return {} ASAP + if (!urlIsFacebook && !urlIsPayPal) { return {}; } @@ -537,7 +553,7 @@ async function blockFacebookSubResources (requestDetails) { return {}; } - const frameAncestorUrlIsFacebookApps = topFrameUrlIsFacebookApps(requestDetails.frameAncestors); + const frameAncestorUrlIsFacebookApps = topFrameUrlMatcher(requestDetails.frameAncestors, "https://apps.facebook.com"); if (frameAncestorUrlIsFacebookApps) { const message = {msg: "facebook-domain"}; @@ -546,6 +562,15 @@ async function blockFacebookSubResources (requestDetails) { return {}; } + const frameAncestorUrlIsFacebookDonate = topFrameUrlMatcher(requestDetails.frameAncestors, "https://facebook.com/donate"); + + if (urlIsPayPal || frameAncestorUrlIsFacebookDonate) { + const message = {msg: "allowed-paypal-subresources"}; + // Send the message to the content_script + browser.tabs.sendMessage(requestDetails.tabId, message); + return {}; + } + const hasBeenAddedToFacebookContainer = await isAddedToFacebookContainer(requestDetails.originUrl); if ( urlIsFacebook && !originUrlIsFacebook ) {