mirror of https://github.com/bitwarden/browser synced 2025-12-15 07:43:35 +00:00

[PM-6413] Add http loophole for localhost (#9236)

* [PM-6413] feat: add http loophole for localhost

Fixes #6882

* feat: add sanity check

* feat: change fido2 filters to allow scripts on localhost

* [PM-6413] fix: injection tests
Andreas Coroiu
2024-06-25 11:06:04 +02:00
committed by GitHub
parent 591f44438a
commit dce5c0f184
7 changed files with 79 additions and 10 deletions


@@ -32,7 +32,7 @@ const contentScriptDetails = {
...sharedScriptInjectionDetails,
};
const sharedRegistrationOptions = {
matches: ["https://*/*"],
matches: ["https://*/*", "http://localhost/*"],
excludeMatches: ["https://*/*.xml*"],
allFrames: true,
...sharedExecuteScriptOptions,
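Review bot: `excludeMatches` still lists only `https://*/*.xml*`, so once `http://localhost/*` is added to `matches`, an XML document served from http://localhost is no longer excluded at registration time. Consider `excludeMatches: ["https://*/*.xml*", "http://localhost/*.xml*"],` so both schemes are filtered alike. The same applies to `sharedRegistrationOptions` in the Fido2Background hunk. The `contentType === "text/html"` check visible in the content-script hunks may still stop execution, but the registration filter should not depend on it.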


@@ -33,7 +33,7 @@ export class Fido2Background implements Fido2BackgroundInterface {
runAt: "document_start",
};
private readonly sharedRegistrationOptions: SharedFido2ScriptRegistrationOptions = {
matches: ["https://*/*"],
matches: ["https://*/*", "http://localhost/*"],
excludeMatches: ["https://*/*.xml*"],
allFrames: true,
...this.sharedInjectionDetails,


@@ -17,7 +17,9 @@ import { MessageWithMetadata, Messenger } from "./messaging/messenger";
(function (globalContext) {
const shouldExecuteContentScript =
globalContext.document.contentType === "text/html" &&
globalContext.document.location.protocol === "https:";
(globalContext.document.location.protocol === "https:" ||
(globalContext.document.location.protocol === "http:" &&
globalContext.document.location.hostname === "localhost"));
if (!shouldExecuteContentScript) {
return;
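Review bot: The http exception in `shouldExecuteContentScript` has no comment saying why plain http is acceptable only for `localhost`, and the same three-line condition is repeated verbatim in the other content-script hunk. Add a comment such as `// http is allowed only for the exact hostname "localhost", which browsers treat as a secure context; 127.0.0.1, [::1] and *.localhost are not matched`, and consider moving the check into one shared helper so the two scripts and the `matches` lists cannot drift apart. The strict `hostname === "localhost"` comparison is the right shape and should be kept, since a prefix or substring test would admit hosts such as localhost.example.com. The enclosing function continues past the end of the hunk.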


@@ -8,7 +8,9 @@ import { Messenger } from "./messaging/messenger";
(function (globalContext) {
const shouldExecuteContentScript =
globalContext.document.contentType === "text/html" &&
globalContext.document.location.protocol === "https:";
(globalContext.document.location.protocol === "https:" ||
(globalContext.document.location.protocol === "http:" &&
globalContext.document.location.hostname === "localhost"));
if (!shouldExecuteContentScript) {
return;


@@ -16,8 +16,9 @@ const mockGlobalThisDocument = {
contentType: "text/html",
location: {
...originalGlobalThis.document.location,
href: "https://localhost",
origin: "https://localhost",
href: "https://bitwarden.com",
origin: "https://bitwarden.com",
hostname: "bitwarden.com",
protocol: "https:",
},
};
@@ -166,8 +167,8 @@ describe("Fido2 page script with native WebAuthn support", () => {
...mockGlobalThisDocument,
location: {
...mockGlobalThisDocument.location,
href: "http://localhost",
origin: "http://localhost",
href: "http://bitwarden.com",
origin: "http://bitwarden.com",
protocol: "http:",
},
}));
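Review bot: Neither hunk adds a case for the new allow path: the mocks now cover https and http on bitwarden.com, but nothing visible sets `protocol: "http:"` together with `hostname: "localhost"` and asserts that the script runs. Add that case, plus a negative one with a look-alike host such as `hostname: "localhost.example.com"`, so the exact-match behaviour is pinned. Such tests may exist in files not shown here. The http mock in the second hunk inherits `hostname: "bitwarden.com"` from `mockGlobalThisDocument.location`; a comment like `// hostname stays bitwarden.com, so http must be rejected` would make that dependency explicit.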