[MM-55054] Consider a matching origin for a media request as a trusted URL when checking permissions (#2893)
This commit is contained in:
parent
31e17aae80
commit
9faaa79064
|
@ -65,7 +65,7 @@ describe('main/PermissionsManager', () => {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
isTrustedURL.mockImplementation((url, baseURL) => baseURL.toString().startsWith(url.toString()));
|
isTrustedURL.mockImplementation((url, baseURL) => url.toString().startsWith(baseURL.toString()));
|
||||||
});
|
});
|
||||||
|
|
||||||
afterEach(() => {
|
afterEach(() => {
|
||||||
|
@ -188,4 +188,20 @@ describe('main/PermissionsManager', () => {
|
||||||
]);
|
]);
|
||||||
expect(dialog.showMessageBox).toHaveBeenCalledTimes(1);
|
expect(dialog.showMessageBox).toHaveBeenCalledTimes(1);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should still pop dialog for media requests from the servers origin', async () => {
|
||||||
|
ViewManager.getViewByWebContentsId.mockImplementation((id) => {
|
||||||
|
if (id === 2) {
|
||||||
|
return {view: {server: {url: new URL('http://anyurl.com/subpath')}}};
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
const permissionsManager = new PermissionsManager('anyfile.json');
|
||||||
|
permissionsManager.writeToFile = jest.fn();
|
||||||
|
const cb = jest.fn();
|
||||||
|
dialog.showMessageBox.mockReturnValue(Promise.resolve({response: 0}));
|
||||||
|
await permissionsManager.handlePermissionRequest({id: 2}, 'media', cb, {securityOrigin: 'http://anyurl.com'});
|
||||||
|
expect(dialog.showMessageBox).toHaveBeenCalled();
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -106,7 +106,7 @@ export class PermissionsManager extends JsonFileManager<Permissions> {
|
||||||
}
|
}
|
||||||
|
|
||||||
// is the requesting url trusted?
|
// is the requesting url trusted?
|
||||||
if (!isTrustedURL(parsedURL, serverURL)) {
|
if (!(isTrustedURL(parsedURL, serverURL) || (permission === 'media' && parsedURL.origin === serverURL.origin))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue