mirror of https://github.com/bitwarden/browser synced 2026-02-26 09:33:22 +00:00

normalize origin for comparison (#19212)

Nick Krantz
2026-02-24 16:39:49 -06:00
committed by GitHub
parent f667507512
commit f2837e9099
2 changed files with 27 additions and 2 deletions


@@ -17,6 +17,21 @@ describe("urlOriginsMatch", () => {
"chrome-extension://abc123/popup.html",
"chrome-extension://abc123/bg.js",
],
[
"safari extension GUID uppercase in suspect",
"safari-web-extension://d8726ae3-f81f-4d3a-85a0-64c2cb453e39/",
"safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/",
],
[
"safari extension GUID uppercase in canonical",
"safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/",
"safari-web-extension://d8726ae3-f81f-4d3a-85a0-64c2cb453e39/",
],
[
"safari extension GUID uppercase on both sides",
"safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/popup.html",
"safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/bg.js",
],
])("returns true when %s", (_, canonical, suspect) => {
expect(urlOriginsMatch(canonical as string | URL, suspect as string | URL)).toBe(true);
});
@@ -31,6 +46,11 @@ describe("urlOriginsMatch", () => {
"https://sub.example.com",
],
["non-special scheme hosts differ", "chrome-extension://abc123/", "chrome-extension://xyz789/"],
[
"safari extension GUIDs differ (mixed case)",
"safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/",
"safari-web-extension://AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE/",
],
])("returns false when %s", (_, canonical, suspect) => {
expect(urlOriginsMatch(canonical, suspect)).toBe(false);
});
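Review bot: The added rows exercise only the case-folding half of this commit; no row covers the trailing-slash trim that the same commit adds to `urlOriginsMatch`. Nothing pins whether mixed-case hosts under other non-special schemes, such as the `chrome-extension://` rows already in these tables, are now meant to match. A row such as `["chrome-extension host differs only by case", "chrome-extension://abc123/", "chrome-extension://ABC123/"]`, placed in whichever table reflects the intended outcome, would make the scope of the normalization explicit. Both tables begin outside the hunks shown.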


@@ -45,9 +45,14 @@ export function urlOriginsMatch(canonical: string | URL, suspect: string | URL):
const canonicalOrigin = effectiveOrigin(canonicalUrl);
const suspectOrigin = effectiveOrigin(suspectUrl);
if (!canonicalOrigin || !suspectOrigin) {
// Safari sends the extension GUID in uppercase while the canonical URL is lowercase,
// Normalize both to lowercase and trim trailing slashes to avoid browser specific issues.
const normalizedCanonicalOrigin = canonicalOrigin?.replace(/\/$/, "").toLowerCase();
const normalizedSuspectOrigin = suspectOrigin?.replace(/\/$/, "").toLowerCase();
if (!normalizedCanonicalOrigin || !normalizedSuspectOrigin) {
return false;
}
return canonicalOrigin === suspectOrigin;
return normalizedCanonicalOrigin === normalizedSuspectOrigin;
}
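Review bot: The `.toLowerCase()` on the two `normalized…Origin` lines applies to every scheme, although the comment justifies it only for Safari's extension GUID. Because this comparison serves as an origin check, the comment should either state that case-insensitive matching is intended for all origins or the relaxation should be limited to the scheme that needs it. `effectiveOrigin` is not visible in the hunk, so it is unclear whether it can ever return a trailing slash; if it cannot, `replace(/\/$/, "")` has no effect and could be dropped. The comment also ends its first line with a comma before a capitalised sentence and would read better as `// Safari sends the extension GUID in uppercase while the canonical URL is lowercase.` followed by `// Normalize both to lowercase and trim a trailing slash before comparing.` The function body starts outside the hunk.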