bump playwriter to 0.0.37
This commit is contained in:
@@ -1,5 +1,11 @@
|
||||
# Changelog
|
||||
|
||||
## 0.0.37
|
||||
|
||||
### Patch Changes
|
||||
|
||||
- Internal connection handling improvements
|
||||
|
||||
## 0.0.36
|
||||
|
||||
### Features
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "playwriter",
|
||||
"description": "",
|
||||
"version": "0.0.36",
|
||||
"version": "0.0.37",
|
||||
"type": "module",
|
||||
"main": "dist/index.js",
|
||||
"types": "dist/index.d.ts",
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
- generic [ref=e55]:
|
||||
- text: "Google offered in:"
|
||||
- link [ref=e56] [cursor=pointer]:
|
||||
- /url: https://www.google.com/setprefs?sig=0_cJcEG2XLrwZS5WVXl_it8Jb4r40%3D&hl=it&source=homepage&sa=X&ved=0ahUKEwiP_8mU0u-RAxUMMDQIHfYnLGoQ2ZgBCBU
|
||||
- /url: https://www.google.com/setprefs?sig=0_BrPqcpi5Yw7nw8qkQeZlfefk7NQ%3D&hl=it&source=homepage&sa=X&ved=0ahUKEwj11bOl2u-RAxVbFjQIHS-hAAgQ2ZgBCBU
|
||||
- text: Italiano
|
||||
- contentinfo [ref=e58]:
|
||||
- generic [ref=e59]: Italy
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -386,7 +386,26 @@ export async function startPlayWriterCDPRelayServer({ port = 19988, host = '127.
|
||||
}
|
||||
})
|
||||
|
||||
// Validate Origin header for WebSocket connections to prevent cross-origin attacks.
|
||||
// Browsers always send Origin header for WebSocket connections, but Node.js clients don't.
|
||||
// We reject browser origins (except chrome-extension://) to prevent malicious websites
|
||||
// from connecting to the local WebSocket server.
|
||||
function isAllowedOrigin(origin: string | undefined): boolean {
|
||||
if (!origin) {
|
||||
return true // Node.js clients don't send Origin
|
||||
}
|
||||
if (origin.startsWith('chrome-extension://')) {
|
||||
return true // Chrome extension is allowed
|
||||
}
|
||||
return false // Reject browser origins (http://, https://, etc.)
|
||||
}
|
||||
|
||||
app.get('/cdp/:clientId?', (c, next) => {
|
||||
const origin = c.req.header('origin')
|
||||
if (!isAllowedOrigin(origin)) {
|
||||
logger?.log(chalk.red(`Rejecting /cdp WebSocket from origin: ${origin}`))
|
||||
return c.text('Forbidden', 403)
|
||||
}
|
||||
if (token) {
|
||||
const url = new URL(c.req.url, 'http://localhost')
|
||||
const providedToken = url.searchParams.get('token')
|
||||
@@ -548,7 +567,14 @@ export async function startPlayWriterCDPRelayServer({ port = 19988, host = '127.
|
||||
}
|
||||
}))
|
||||
|
||||
app.get('/extension', upgradeWebSocket(() => {
|
||||
app.get('/extension', (c, next) => {
|
||||
const origin = c.req.header('origin')
|
||||
if (!isAllowedOrigin(origin)) {
|
||||
logger?.log(chalk.red(`Rejecting /extension WebSocket from origin: ${origin}`))
|
||||
return c.text('Forbidden', 403)
|
||||
}
|
||||
return next()
|
||||
}, upgradeWebSocket(() => {
|
||||
return {
|
||||
onOpen(_event, ws) {
|
||||
if (extensionWs) {
|
||||
|
||||
Reference in New Issue
Block a user