bump playwriter to 0.0.37

This commit is contained in:
Tommy D. Rossi
2026-01-03 16:43:19 +01:00
parent f2ee7755a0
commit 018647aebf
5 changed files with 538 additions and 506 deletions
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## 0.0.37
### Patch Changes
- Internal connection handling improvements
## 0.0.36
### Features
+1 -1
View File
@@ -1,7 +1,7 @@
{
"name": "playwriter",
"description": "",
"version": "0.0.36",
"version": "0.0.37",
"type": "module",
"main": "dist/index.js",
"types": "dist/index.d.ts",
@@ -31,7 +31,7 @@
- generic [ref=e55]:
- text: "Google offered in:"
- link [ref=e56] [cursor=pointer]:
- /url: https://www.google.com/setprefs?sig=0_cJcEG2XLrwZS5WVXl_it8Jb4r40%3D&hl=it&source=homepage&sa=X&ved=0ahUKEwiP_8mU0u-RAxUMMDQIHfYnLGoQ2ZgBCBU
- /url: https://www.google.com/setprefs?sig=0_BrPqcpi5Yw7nw8qkQeZlfefk7NQ%3D&hl=it&source=homepage&sa=X&ved=0ahUKEwj11bOl2u-RAxVbFjQIHS-hAAgQ2ZgBCBU
- text: Italiano
- contentinfo [ref=e58]:
- generic [ref=e59]: Italy
File diff suppressed because it is too large Load Diff
+27 -1
View File
@@ -386,7 +386,26 @@ export async function startPlayWriterCDPRelayServer({ port = 19988, host = '127.
}
})
// Validate Origin header for WebSocket connections to prevent cross-origin attacks.
// Browsers always send Origin header for WebSocket connections, but Node.js clients don't.
// We reject browser origins (except chrome-extension://) to prevent malicious websites
// from connecting to the local WebSocket server.
function isAllowedOrigin(origin: string | undefined): boolean {
if (!origin) {
return true // Node.js clients don't send Origin
}
if (origin.startsWith('chrome-extension://')) {
return true // Chrome extension is allowed
}
return false // Reject browser origins (http://, https://, etc.)
}
app.get('/cdp/:clientId?', (c, next) => {
const origin = c.req.header('origin')
if (!isAllowedOrigin(origin)) {
logger?.log(chalk.red(`Rejecting /cdp WebSocket from origin: ${origin}`))
return c.text('Forbidden', 403)
}
if (token) {
const url = new URL(c.req.url, 'http://localhost')
const providedToken = url.searchParams.get('token')
@@ -548,7 +567,14 @@ export async function startPlayWriterCDPRelayServer({ port = 19988, host = '127.
}
}))
app.get('/extension', upgradeWebSocket(() => {
app.get('/extension', (c, next) => {
const origin = c.req.header('origin')
if (!isAllowedOrigin(origin)) {
logger?.log(chalk.red(`Rejecting /extension WebSocket from origin: ${origin}`))
return c.text('Forbidden', 403)
}
return next()
}, upgradeWebSocket(() => {
return {
onOpen(_event, ws) {
if (extensionWs) {