mirror of
https://github.com/bitwarden/browser
synced 2026-02-25 17:13:24 +00:00
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.
Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.
The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
54 lines
1.6 KiB
TypeScript
54 lines
1.6 KiB
TypeScript
function toURL(input: string | URL): URL | null {
|
|
if (input instanceof URL) {
|
|
return input;
|
|
}
|
|
try {
|
|
return new URL(input);
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
function effectiveOrigin(url: URL): string | null {
|
|
// The URL spec returns "null" for .origin on non-special schemes
|
|
// (e.g. chrome-extension://) so we build the origin from protocol + host instead.
|
|
// An empty host means no meaningful origin can be compared (file:, data:, etc.).
|
|
if (!url.host) {
|
|
return null;
|
|
}
|
|
return `${url.protocol}//${url.host}`;
|
|
}
|
|
|
|
/**
|
|
* Compares two URLs to determine whether the suspect URL originates from the
|
|
* same host as the canonical URL.
|
|
*
|
|
* Both arguments accept either a string or an existing {@link URL} object.
|
|
*
|
|
* Returns `false` when:
|
|
* - Either argument cannot be parsed as a valid URL
|
|
* - Either URL has no host (e.g. `file:`, `data:` schemes), since URLs without
|
|
* a meaningful host cannot be distinguished by origin
|
|
*
|
|
* @param canonical - The reference URL whose origin acts as the baseline.
|
|
* @param suspect - The URL being tested against the canonical origin.
|
|
* @returns `true` if both URLs share the same scheme, host, and port; `false` otherwise.
|
|
*/
|
|
export function urlOriginsMatch(canonical: string | URL, suspect: string | URL): boolean {
|
|
const canonicalUrl = toURL(canonical);
|
|
const suspectUrl = toURL(suspect);
|
|
|
|
if (!canonicalUrl || !suspectUrl) {
|
|
return false;
|
|
}
|
|
|
|
const canonicalOrigin = effectiveOrigin(canonicalUrl);
|
|
const suspectOrigin = effectiveOrigin(suspectUrl);
|
|
|
|
if (!canonicalOrigin || !suspectOrigin) {
|
|
return false;
|
|
}
|
|
|
|
return canonicalOrigin === suspectOrigin;
|
|
}
|