bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-12 14:23:32 +00:00
Code Issues Releases Wiki Activity

[PS-1152] CLI serve forbid browser requests (#3220)

Browse Source 
* Inconsiquential change to allow a draft PR

* Serve blocks requests from browsers by default

Option is provided to override this behavior for backwards
compatibility.

* Revert "Inconsiquential change to allow a draft PR"

This reverts commit 0f51344c35.
This commit is contained in:
Matt Gibson
2022-08-05 09:27:11 -06:00
committed by GitHub
parent 7526b46bfd
commit e7220644d1
2 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
apps/cli/src/commands/serve.command.ts
View File

@@ -149,14 +149,31 @@ export class ServeCommand {
} }
async run(options: program.OptionValues) { async run(options: program.OptionValues) {
const protectOrigin = !options.disableOriginProtection;
const port = options.port || 8087; const port = options.port || 8087;
const hostname = options.hostname || "localhost"; const hostname = options.hostname || "localhost";
this.main.logService.info(
`Starting server on ${hostname}:${port} with ${
protectOrigin ? "origin protection" : "no origin protection"
}`
);
const server = new koa(); const server = new koa();
const router = new koaRouter(); const router = new koaRouter();
process.env.BW_SERVE = "true"; process.env.BW_SERVE = "true";
process.env.BW_NOINTERACTION = "true"; process.env.BW_NOINTERACTION = "true";
server.use(koaBodyParser()).use(koaJson({ pretty: false, param: "pretty" })); server
.use(async (ctx, next) => {
if (protectOrigin && ctx.headers.origin != undefined) {
ctx.status = 403;
this.main.logService.warning(`Blocking request from ${ctx.headers.origin}`);
return;
}
await next();
})
.use(koaBodyParser())
.use(koaJson({ pretty: false, param: "pretty" }));
router.get("/generate", async (ctx, next) => { router.get("/generate", async (ctx, next) => {
const response = await this.generateCommand.run(ctx.request.query); const response = await this.generateCommand.run(ctx.request.query);

4
apps/cli/src/program.ts
View File

@@ -476,6 +476,10 @@ export class Program extends BaseProgram {
.description("Start a RESTful API webserver.") .description("Start a RESTful API webserver.")
.option("--hostname <hostname>", "The hostname to bind your API webserver to.") .option("--hostname <hostname>", "The hostname to bind your API webserver to.")
.option("--port <port>", "The port to run your API webserver on.") .option("--port <port>", "The port to run your API webserver on.")
.option(
"--disable-origin-protection",
"If set, allows requests with origin header. Not recommended!"
)
.on("--help", () => { .on("--help", () => {
writeLn("\n Notes:"); writeLn("\n Notes:");
writeLn(""); writeLn("");