Skip to content

Commit

Permalink
fix: add companion ids to allow origins
Browse files Browse the repository at this point in the history
- fixes #8689
- Adds the chrome-extension ids for ipfs-companion and
ipfs-companion-beta to the allowed origins list, this
allows us to accesss ipfs api from a manifest v3 extension.
- added tests in t0401-api-browser-security.sh
  • Loading branch information
meandavejustice committed Mar 16, 2022
1 parent 5e1b224 commit c48b612
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
2 changes: 2 additions & 0 deletions core/corehttp/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ var defaultLocalhostOrigins = []string{
"https://[::1]:<port>",
"http://localhost:<port>",
"https://localhost:<port>",
"chrome-extension://nibjojkomfdiaoajekhjakgkdhaomnch", // ipfs-companion
"chrome-extension://hjoieblefckbooibpepigmacodalfndh", // ipfs-companion-beta
}

func addCORSFromEnv(c *cmdsHttp.ServerConfig) {
Expand Down
15 changes: 15 additions & 0 deletions test/sharness/t0401-api-browser-security.sh
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,21 @@ test_expect_success "browser is able to access API if Origin is the API port on
grep "HTTP/1.1 200 OK" curl_output && grep "$PEERID" curl_output
'

test_expect_success "Companion extension is unable to access API with invalid Origin" '
curl -sD - -X POST -A "Mozilla" -H "Origin: chrome-extension://invalidextensionid" "http://127.0.0.1:$API_PORT/api/v0/id" >curl_output &&
grep "HTTP/1.1 403 Forbidden" curl_output
'

test_expect_success "Companion extension is able to access API if Origin is the API port on localhost (ipv4)" '
curl -sD - -X POST -A "Mozilla" -H "Origin: chrome-extension://nibjojkomfdiaoajekhjakgkdhaomnch" "http://127.0.0.1:$API_PORT/api/v0/id" >curl_output &&
grep "HTTP/1.1 200 OK" curl_output && grep "$PEERID" curl_output
'

test_expect_success "Companion beta extension is able to access API if Origin is the API port on localhost (ipv4)" '
curl -sD - -X POST -A "Mozilla" -H "Origin: chrome-extension://hjoieblefckbooibpepigmacodalfndh" "http://127.0.0.1:$API_PORT/api/v0/id" >curl_output &&
grep "HTTP/1.1 200 OK" curl_output && grep "$PEERID" curl_output
'

test_kill_ipfs_daemon

test_expect_success "setting CORS in API.HTTPHeaders works via CLI" "
Expand Down

0 comments on commit c48b612

Please sign in to comment.