[MM-55054] Consider a matching origin for a media request as a trusted URL when checking permissions (#2893)
This commit is contained in:
parent
31e17aae80
commit
9faaa79064
|
@ -65,7 +65,7 @@ describe('main/PermissionsManager', () => {
|
|||
return null;
|
||||
}
|
||||
});
|
||||
isTrustedURL.mockImplementation((url, baseURL) => baseURL.toString().startsWith(url.toString()));
|
||||
isTrustedURL.mockImplementation((url, baseURL) => url.toString().startsWith(baseURL.toString()));
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
|
@ -188,4 +188,20 @@ describe('main/PermissionsManager', () => {
|
|||
]);
|
||||
expect(dialog.showMessageBox).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
|
||||
it('should still pop dialog for media requests from the servers origin', async () => {
|
||||
ViewManager.getViewByWebContentsId.mockImplementation((id) => {
|
||||
if (id === 2) {
|
||||
return {view: {server: {url: new URL('http://anyurl.com/subpath')}}};
|
||||
}
|
||||
|
||||
return null;
|
||||
});
|
||||
const permissionsManager = new PermissionsManager('anyfile.json');
|
||||
permissionsManager.writeToFile = jest.fn();
|
||||
const cb = jest.fn();
|
||||
dialog.showMessageBox.mockReturnValue(Promise.resolve({response: 0}));
|
||||
await permissionsManager.handlePermissionRequest({id: 2}, 'media', cb, {securityOrigin: 'http://anyurl.com'});
|
||||
expect(dialog.showMessageBox).toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
|
|
|
@ -106,7 +106,7 @@ export class PermissionsManager extends JsonFileManager<Permissions> {
|
|||
}
|
||||
|
||||
// is the requesting url trusted?
|
||||
if (!isTrustedURL(parsedURL, serverURL)) {
|
||||
if (!(isTrustedURL(parsedURL, serverURL) || (permission === 'media' && parsedURL.origin === serverURL.origin))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue