diff --git a/core/corehttp/commands.go b/core/corehttp/commands.go index 8de1e6be44a5..3717c7554e0f 100644 --- a/core/corehttp/commands.go +++ b/core/corehttp/commands.go @@ -44,6 +44,8 @@ var defaultLocalhostOrigins = []string{ "https://[::1]:", "http://localhost:", "https://localhost:", + "chrome-extension://nibjojkomfdiaoajekhjakgkdhaomnch", // ipfs-companion + "chrome-extension://hjoieblefckbooibpepigmacodalfndh" // ipfs-companion-beta } func addCORSFromEnv(c *cmdsHttp.ServerConfig) { diff --git a/test/sharness/t0401-api-browser-security.sh b/test/sharness/t0401-api-browser-security.sh index 1e36bcead325..d7bd3a67d3fb 100755 --- a/test/sharness/t0401-api-browser-security.sh +++ b/test/sharness/t0401-api-browser-security.sh @@ -39,6 +39,21 @@ test_expect_success "browser is able to access API if Origin is the API port on grep "HTTP/1.1 200 OK" curl_output && grep "$PEERID" curl_output ' +test_expect_success "Companion extension is unable to access API with invalid Origin" ' + curl -sD - -X POST -A "Mozilla" -H "Origin: chrome-extension://invalidextensionid" "http://127.0.0.1:$API_PORT/api/v0/id" >curl_output && + grep "HTTP/1.1 403 Forbidden" curl_output +' + +test_expect_success "Companion extension is able to access API if Origin is the API port on localhost (ipv4)" ' + curl -sD - -X POST -A "Mozilla" -H "Origin: chrome-extension://nibjojkomfdiaoajekhjakgkdhaomnch" "http://127.0.0.1:$API_PORT/api/v0/id" >curl_output && + grep "HTTP/1.1 200 OK" curl_output && grep "$PEERID" curl_output +' + +test_expect_success "Companion beta extension is able to access API if Origin is the API port on localhost (ipv4)" ' + curl -sD - -X POST -A "Mozilla" -H "Origin: chrome-extension://hjoieblefckbooibpepigmacodalfndh" "http://127.0.0.1:$API_PORT/api/v0/id" >curl_output && + grep "HTTP/1.1 200 OK" curl_output && grep "$PEERID" curl_output +' + test_kill_ipfs_daemon test_expect_success "setting CORS in API.HTTPHeaders works via CLI" "