Partial 0.0.0.0 day fix
parent
8b6a491ed5
commit
b483e91f1e
2 changed files with 42 additions and 2 deletions
34
main.js
34
main.js
|
@ -31,6 +31,17 @@ async function enableGoodies(s) {
|
|||
})
|
||||
}
|
||||
|
||||
// 0.0.0.0 day fix
|
||||
const locals = [
|
||||
'0.0.0.0', '127.0.0.1', '192.168', '.local'
|
||||
];
|
||||
|
||||
// Function to check if a URL is restricted
|
||||
function isLocal(url) {
|
||||
return locals.some(local => url.includes(local));
|
||||
}
|
||||
|
||||
|
||||
function createWindow () {
|
||||
const mainWindow = new BrowserWindow({
|
||||
width: 1100,
|
||||
|
@ -122,7 +133,28 @@ const regexPatterns = [
|
|||
if (containsAD(details.url)) {
|
||||
return callback({cancel: true})
|
||||
}
|
||||
return callback({})
|
||||
|
||||
const url = new URL(details.url);
|
||||
const hostname = url.hostname;
|
||||
const isLocalDomain = isLocal(hostname);
|
||||
|
||||
// Check if the request is to a local domain
|
||||
if (isLocalDomain) {
|
||||
// Check if the request is initiated by a remote domain
|
||||
const initiator = details.initiator ? new URL(details.initiator).hostname : '';
|
||||
const isInitiatorLocal = isLocal(initiator);
|
||||
|
||||
if (initiator && !isInitiatorLocal) {
|
||||
console.log(`[W] Local domain is being accessed by external source (${initiator}), don't allow!`);
|
||||
callback({ cancel: true }); // Block request to local domains from remote sources
|
||||
} else {
|
||||
//console.log("Local domain is not being accessed by external source, allow..."); //debug
|
||||
callback({ cancel: false }); // Allow request
|
||||
}
|
||||
} else {
|
||||
//console.log("Request is not to a local domain, allow..."); //debug
|
||||
callback({ cancel: false }); // Allow non-local requests
|
||||
}
|
||||
})
|
||||
|
||||
// and load the index.html of the app.
|
||||
|
|
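Review bot: `isLocal` in the first hunk matches by substring (`url.includes(local)`), so a hostname that merely contains `192.168`, `127.0.0.1` or `.local` is classified as local; the second hunk applies the same test to the initiator, so a remote origin with such a hostname takes the allow branch. Compare whole hostnames with anchored patterns instead, as in the sketch below; `localhost` and the other private ranges are also absent from the list, which the "Partial" title may already acknowledge. In the second hunk `new URL(details.initiator)` throws on a value that is not a parseable URL and the callback is then never invoked, so wrapping the parsing in try/catch and answering `callback({ cancel: true })` would fail closed. It is also worth confirming that Electron fills `details.initiator` for this handler, because an empty initiator is allowed through. The handler that contains the second hunk starts outside it.

```javascript
// 0.0.0.0 day fix
// Anchored patterns: each one must match the whole hostname (or its suffix for .local),
// so an unrelated name that merely contains "192.168" is not treated as local.
const localHostPatterns = [
  /^0\.0\.0\.0$/,
  /^localhost$/,
  /^127(\.\d{1,3}){3}$/,
  /^192\.168(\.\d{1,3}){2}$/,
  /\.local$/,
];

// Classify a hostname (callers pass url.hostname, not a full URL).
function isLocal(hostname) {
  const host = String(hostname).toLowerCase();
  return localHostPatterns.some(pattern => pattern.test(host));
}
```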
10
preload.js
10
preload.js
|
@ -5,6 +5,14 @@
|
|||
*
|
||||
* https://www.electronjs.org/docs/latest/tutorial/sandbox
|
||||
*/
|
||||
|
||||
const { contextBridge, ipcRenderer } = require('electron');
|
||||
|
||||
contextBridge.exposeInMainWorld('electron', {
|
||||
enforceDomainRestrictions: (url) => ipcRenderer.sendSync('check-domain', url),
|
||||
});
|
||||
|
||||
|
||||
window.addEventListener('DOMContentLoaded', () => {
|
||||
const replaceText = (selector, text) => {
|
||||
const element = document.getElementById(selector)
|
||||
|
@ -14,7 +22,7 @@ window.addEventListener('DOMContentLoaded', () => {
|
|||
for (const type of ['chrome', 'node', 'electron']) {
|
||||
replaceText(`${type}-version`, 'sneedium-version')
|
||||
}
|
||||
const { ipcRenderer } = require('electron')
|
||||
|
||||
ipcRenderer.on('windowmaker', (event, arg) => {
|
||||
console.log(arg) // prints "pong"
|
||||
})
|
||||
|
|
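Review bot: The new `enforceDomainRestrictions` bridge calls `ipcRenderer.sendSync('check-domain', url)`, but no `check-domain` listener appears in the main.js changes shown in this commit; if none is registered elsewhere, the synchronous call has nothing to answer it, and a synchronous IPC call blocks the renderer while it waits. Because the page itself decides whether to call this function, it is advisory at best and the request filter in main.js remains the real enforcement point; a comment such as `// Advisory only: blocking is enforced by the webRequest filter in main.js` would make that clear. If the check is kept, `ipcRenderer.invoke` paired with an `ipcMain.handle` handler would avoid blocking the renderer.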