mirror of
https://github.com/denoland/deno.git
synced 2024-11-25 15:29:32 -05:00
refactor: --unsafely-ignore-certificate-errors (#11629)
This commit is contained in:
parent
465cf9a6fe
commit
b9a8111a00
17 changed files with 78 additions and 79 deletions
|
@ -223,7 +223,7 @@ impl FileFetcher {
|
|||
allow_remote: bool,
|
||||
root_cert_store: Option<RootCertStore>,
|
||||
blob_store: BlobStore,
|
||||
unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
) -> Result<Self, AnyError> {
|
||||
Ok(Self {
|
||||
auth_tokens: AuthTokens::new(env::var(DENO_AUTH_TOKENS).ok()),
|
||||
|
@ -236,7 +236,7 @@ impl FileFetcher {
|
|||
root_cert_store,
|
||||
None,
|
||||
None,
|
||||
unsafely_treat_insecure_origin_as_secure,
|
||||
unsafely_ignore_certificate_errors,
|
||||
)?,
|
||||
blob_store,
|
||||
})
|
||||
|
|
41
cli/flags.rs
41
cli/flags.rs
|
@ -164,7 +164,7 @@ pub struct Flags {
|
|||
pub repl: bool,
|
||||
pub seed: Option<u64>,
|
||||
pub unstable: bool,
|
||||
pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
pub v8_flags: Vec<String>,
|
||||
pub version: bool,
|
||||
pub watch: bool,
|
||||
|
@ -217,13 +217,13 @@ impl Flags {
|
|||
_ => {}
|
||||
}
|
||||
|
||||
match &self.unsafely_treat_insecure_origin_as_secure {
|
||||
match &self.unsafely_ignore_certificate_errors {
|
||||
Some(ic_allowlist) if ic_allowlist.is_empty() => {
|
||||
args.push("--unsafely-treat-insecure-origin-as-secure".to_string());
|
||||
args.push("--unsafely-ignore_certificate_errors".to_string());
|
||||
}
|
||||
Some(ic_allowlist) => {
|
||||
let s = format!(
|
||||
"--unsafely-treat-insecure-origin-as-secure={}",
|
||||
"--unsafely-ignore_certificate_errors={}",
|
||||
ic_allowlist.join(",")
|
||||
);
|
||||
args.push(s);
|
||||
|
@ -1237,13 +1237,14 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> {
|
|||
.validator(crate::flags_allow_net::validator),
|
||||
)
|
||||
.arg(
|
||||
Arg::with_name("unsafely-treat-insecure-origin-as-secure")
|
||||
.long("unsafely-treat-insecure-origin-as-secure")
|
||||
Arg::with_name("unsafely-ignore-certificate-errors")
|
||||
.long("unsafely-ignore-certificate-errors")
|
||||
.min_values(0)
|
||||
.takes_value(true)
|
||||
.use_delimiter(true)
|
||||
.require_equals(true)
|
||||
.help("DANGER: Disables verification of SSL certificates")
|
||||
.value_name("HOSTNAMES")
|
||||
.help("DANGER: Disables verification of TLS certificates")
|
||||
.validator(crate::flags_allow_net::validator),
|
||||
)
|
||||
.arg(
|
||||
|
@ -1906,13 +1907,11 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
|
|||
flags.allow_net = Some(net_allowlist);
|
||||
}
|
||||
|
||||
if let Some(ic_wl) =
|
||||
matches.values_of("unsafely-treat-insecure-origin-as-secure")
|
||||
{
|
||||
if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
|
||||
let ic_allowlist: Vec<String> =
|
||||
crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
|
||||
.unwrap();
|
||||
flags.unsafely_treat_insecure_origin_as_secure = Some(ic_allowlist);
|
||||
flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
|
||||
}
|
||||
|
||||
if let Some(env_wl) = matches.values_of("allow-env") {
|
||||
|
@ -2756,7 +2755,7 @@ mod tests {
|
|||
repl: true,
|
||||
subcommand: DenoSubcommand::Repl { eval: None },
|
||||
allow_net: Some(vec![]),
|
||||
unsafely_treat_insecure_origin_as_secure: None,
|
||||
unsafely_ignore_certificate_errors: None,
|
||||
allow_env: Some(vec![]),
|
||||
allow_run: Some(vec![]),
|
||||
allow_read: Some(vec![]),
|
||||
|
@ -3232,7 +3231,7 @@ mod tests {
|
|||
#[test]
|
||||
fn install_with_flags() {
|
||||
#[rustfmt::skip]
|
||||
let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]);
|
||||
let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-ignore-certificate-errors", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]);
|
||||
assert_eq!(
|
||||
r.unwrap(),
|
||||
Flags {
|
||||
|
@ -3256,7 +3255,7 @@ mod tests {
|
|||
seed: Some(1),
|
||||
inspect: Some("127.0.0.1:9229".parse().unwrap()),
|
||||
allow_net: Some(vec![]),
|
||||
unsafely_treat_insecure_origin_as_secure: Some(vec![]),
|
||||
unsafely_ignore_certificate_errors: Some(vec![]),
|
||||
allow_read: Some(vec![]),
|
||||
..Flags::default()
|
||||
}
|
||||
|
@ -3402,11 +3401,11 @@ mod tests {
|
|||
}
|
||||
|
||||
#[test]
|
||||
fn unsafely_treat_insecure_origin_as_secure() {
|
||||
fn unsafely_ignore_certificate_errors() {
|
||||
let r = flags_from_vec(svec![
|
||||
"deno",
|
||||
"run",
|
||||
"--unsafely-treat-insecure-origin-as-secure",
|
||||
"--unsafely-ignore-certificate-errors",
|
||||
"script.ts"
|
||||
]);
|
||||
assert_eq!(
|
||||
|
@ -3415,7 +3414,7 @@ mod tests {
|
|||
subcommand: DenoSubcommand::Run {
|
||||
script: "script.ts".to_string(),
|
||||
},
|
||||
unsafely_treat_insecure_origin_as_secure: Some(vec![]),
|
||||
unsafely_ignore_certificate_errors: Some(vec![]),
|
||||
..Flags::default()
|
||||
}
|
||||
);
|
||||
|
@ -3426,7 +3425,7 @@ mod tests {
|
|||
let r = flags_from_vec(svec![
|
||||
"deno",
|
||||
"run",
|
||||
"--unsafely-treat-insecure-origin-as-secure=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4",
|
||||
"--unsafely-ignore-certificate-errors=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4",
|
||||
"script.ts"
|
||||
]);
|
||||
assert_eq!(
|
||||
|
@ -3435,7 +3434,7 @@ mod tests {
|
|||
subcommand: DenoSubcommand::Run {
|
||||
script: "script.ts".to_string(),
|
||||
},
|
||||
unsafely_treat_insecure_origin_as_secure: Some(svec![
|
||||
unsafely_ignore_certificate_errors: Some(svec![
|
||||
"deno.land",
|
||||
"localhost",
|
||||
"::",
|
||||
|
@ -3927,7 +3926,7 @@ mod tests {
|
|||
#[test]
|
||||
fn compile_with_flags() {
|
||||
#[rustfmt::skip]
|
||||
let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]);
|
||||
let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-ignore-certificate-errors", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]);
|
||||
assert_eq!(
|
||||
r.unwrap(),
|
||||
Flags {
|
||||
|
@ -3948,7 +3947,7 @@ mod tests {
|
|||
cached_only: true,
|
||||
location: Some(Url::parse("https://foo/").unwrap()),
|
||||
allow_read: Some(vec![]),
|
||||
unsafely_treat_insecure_origin_as_secure: Some(vec![]),
|
||||
unsafely_ignore_certificate_errors: Some(vec![]),
|
||||
allow_net: Some(vec![]),
|
||||
v8_flags: svec!["--help", "--random-seed=1"],
|
||||
seed: Some(1),
|
||||
|
|
|
@ -109,9 +109,9 @@ fn create_web_worker_callback(
|
|||
.log_level
|
||||
.map_or(false, |l| l == log::Level::Debug),
|
||||
unstable: program_state.flags.unstable,
|
||||
unsafely_treat_insecure_origin_as_secure: program_state
|
||||
unsafely_ignore_certificate_errors: program_state
|
||||
.flags
|
||||
.unsafely_treat_insecure_origin_as_secure
|
||||
.unsafely_ignore_certificate_errors
|
||||
.clone(),
|
||||
root_cert_store: program_state.root_cert_store.clone(),
|
||||
user_agent: version::get_user_agent(),
|
||||
|
@ -193,9 +193,9 @@ pub fn create_main_worker(
|
|||
.log_level
|
||||
.map_or(false, |l| l == log::Level::Debug),
|
||||
unstable: program_state.flags.unstable,
|
||||
unsafely_treat_insecure_origin_as_secure: program_state
|
||||
unsafely_ignore_certificate_errors: program_state
|
||||
.flags
|
||||
.unsafely_treat_insecure_origin_as_secure
|
||||
.unsafely_ignore_certificate_errors
|
||||
.clone(),
|
||||
root_cert_store: program_state.root_cert_store.clone(),
|
||||
user_agent: version::get_user_agent(),
|
||||
|
|
|
@ -119,15 +119,15 @@ impl ProgramState {
|
|||
}
|
||||
|
||||
if let Some(insecure_allowlist) =
|
||||
flags.unsafely_treat_insecure_origin_as_secure.as_ref()
|
||||
flags.unsafely_ignore_certificate_errors.as_ref()
|
||||
{
|
||||
let domains = if insecure_allowlist.is_empty() {
|
||||
"for all domains".to_string()
|
||||
"for all hostnames".to_string()
|
||||
} else {
|
||||
format!("for: {}", insecure_allowlist.join(", "))
|
||||
};
|
||||
let msg = format!(
|
||||
"DANGER: SSL ceritificate validation is disabled {}",
|
||||
"DANGER: TLS ceritificate validation is disabled {}",
|
||||
domains
|
||||
);
|
||||
eprintln!("{}", colors::yellow(msg));
|
||||
|
@ -153,7 +153,7 @@ impl ProgramState {
|
|||
!flags.no_remote,
|
||||
Some(root_cert_store.clone()),
|
||||
blob_store.clone(),
|
||||
flags.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
flags.unsafely_ignore_certificate_errors.clone(),
|
||||
)?;
|
||||
|
||||
let lockfile = if let Some(filename) = &flags.lock {
|
||||
|
|
|
@ -57,7 +57,7 @@ pub struct Metadata {
|
|||
pub log_level: Option<Level>,
|
||||
pub ca_stores: Option<Vec<String>>,
|
||||
pub ca_data: Option<Vec<u8>>,
|
||||
pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
}
|
||||
|
||||
pub const MAGIC_TRAILER: &[u8; 8] = b"d3n0l4nd";
|
||||
|
@ -253,8 +253,8 @@ pub async fn run(
|
|||
debug_flag: metadata.log_level.map_or(false, |l| l == log::Level::Debug),
|
||||
user_agent: version::get_user_agent(),
|
||||
unstable: metadata.unstable,
|
||||
unsafely_treat_insecure_origin_as_secure: metadata
|
||||
.unsafely_treat_insecure_origin_as_secure,
|
||||
unsafely_ignore_certificate_errors: metadata
|
||||
.unsafely_ignore_certificate_errors,
|
||||
root_cert_store: Some(root_cert_store),
|
||||
seed: metadata.seed,
|
||||
js_error_create_fn: None,
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
DANGER: SSL ceritificate validation is disabled for all domains
|
||||
DANGER: TLS ceritificate validation is disabled for all hostnames
|
||||
Hello
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
DANGER: SSL ceritificate validation is disabled for: localhost
|
||||
DANGER: TLS ceritificate validation is disabled for: localhost
|
||||
Hello
|
||||
success
|
||||
|
|
|
@ -475,14 +475,14 @@ fn broken_stdout() {
|
|||
// });
|
||||
|
||||
itest!(cafile_url_imports_unsafe_ssl {
|
||||
args: "run --quiet --reload --unsafely-treat-insecure-origin-as-secure=localhost cafile_url_imports.ts",
|
||||
args: "run --quiet --reload --unsafely-ignore-certificate-errors=localhost cafile_url_imports.ts",
|
||||
output: "cafile_url_imports_unsafe_ssl.ts.out",
|
||||
http_server: true,
|
||||
});
|
||||
|
||||
itest!(cafile_ts_fetch_unsafe_ssl {
|
||||
args:
|
||||
"run --quiet --reload --allow-net --unsafely-treat-insecure-origin-as-secure cafile_ts_fetch.ts",
|
||||
"run --quiet --reload --allow-net --unsafely-ignore-certificate-errors cafile_ts_fetch.ts",
|
||||
output: "cafile_ts_fetch_unsafe_ssl.ts.out",
|
||||
http_server: true,
|
||||
});
|
||||
|
|
|
@ -99,8 +99,8 @@ pub fn create_standalone_binary(
|
|||
location: flags.location.clone(),
|
||||
permissions: flags.clone().into(),
|
||||
v8_flags: flags.v8_flags.clone(),
|
||||
unsafely_treat_insecure_origin_as_secure: flags
|
||||
.unsafely_treat_insecure_origin_as_secure
|
||||
unsafely_ignore_certificate_errors: flags
|
||||
.unsafely_ignore_certificate_errors
|
||||
.clone(),
|
||||
log_level: flags.log_level,
|
||||
ca_stores: flags.ca_stores,
|
||||
|
@ -226,8 +226,8 @@ pub fn compile_to_runtime_flags(
|
|||
lock: None,
|
||||
log_level: flags.log_level,
|
||||
no_check: false,
|
||||
unsafely_treat_insecure_origin_as_secure: flags
|
||||
.unsafely_treat_insecure_origin_as_secure,
|
||||
unsafely_ignore_certificate_errors: flags
|
||||
.unsafely_ignore_certificate_errors,
|
||||
no_remote: false,
|
||||
prompt: flags.prompt,
|
||||
reload: false,
|
||||
|
|
|
@ -60,7 +60,7 @@ pub fn init<P: FetchPermissions + 'static>(
|
|||
root_cert_store: Option<RootCertStore>,
|
||||
proxy: Option<Proxy>,
|
||||
request_builder_hook: Option<fn(RequestBuilder) -> RequestBuilder>,
|
||||
unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
) -> Extension {
|
||||
Extension::builder()
|
||||
.js(include_js_files!(
|
||||
|
@ -88,7 +88,7 @@ pub fn init<P: FetchPermissions + 'static>(
|
|||
root_cert_store.clone(),
|
||||
None,
|
||||
proxy.clone(),
|
||||
unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
unsafely_ignore_certificate_errors.clone(),
|
||||
)
|
||||
.unwrap()
|
||||
});
|
||||
|
@ -97,8 +97,8 @@ pub fn init<P: FetchPermissions + 'static>(
|
|||
root_cert_store: root_cert_store.clone(),
|
||||
proxy: proxy.clone(),
|
||||
request_builder_hook,
|
||||
unsafely_treat_insecure_origin_as_secure:
|
||||
unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
unsafely_ignore_certificate_errors: unsafely_ignore_certificate_errors
|
||||
.clone(),
|
||||
});
|
||||
Ok(())
|
||||
})
|
||||
|
@ -110,7 +110,7 @@ pub struct HttpClientDefaults {
|
|||
pub root_cert_store: Option<RootCertStore>,
|
||||
pub proxy: Option<Proxy>,
|
||||
pub request_builder_hook: Option<fn(RequestBuilder) -> RequestBuilder>,
|
||||
pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
}
|
||||
|
||||
pub trait FetchPermissions {
|
||||
|
@ -543,7 +543,7 @@ where
|
|||
defaults.root_cert_store.clone(),
|
||||
cert_data,
|
||||
args.proxy,
|
||||
defaults.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
defaults.unsafely_ignore_certificate_errors.clone(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
|
|
|
@ -94,16 +94,16 @@ pub struct DefaultTlsOptions {
|
|||
pub root_cert_store: Option<RootCertStore>,
|
||||
}
|
||||
|
||||
/// `UnsafelyTreatInsecureOriginAsSecure` is a wrapper struct so it can be placed inside `GothamState`;
|
||||
/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
|
||||
/// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
|
||||
/// that there might be another type alias pointing to a `Option<Vec<String>>`, which
|
||||
/// would override previously used alias.
|
||||
pub struct UnsafelyTreatInsecureOriginAsSecure(Option<Vec<String>>);
|
||||
pub struct UnsafelyIgnoreCertificateErrors(Option<Vec<String>>);
|
||||
|
||||
pub fn init<P: NetPermissions + 'static>(
|
||||
root_cert_store: Option<RootCertStore>,
|
||||
unstable: bool,
|
||||
unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
) -> Extension {
|
||||
let mut ops_to_register = vec![];
|
||||
ops_to_register.extend(io::init());
|
||||
|
@ -122,8 +122,8 @@ pub fn init<P: NetPermissions + 'static>(
|
|||
root_cert_store: root_cert_store.clone(),
|
||||
});
|
||||
state.put(UnstableChecker { unstable });
|
||||
state.put(UnsafelyTreatInsecureOriginAsSecure(
|
||||
unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
state.put(UnsafelyIgnoreCertificateErrors(
|
||||
unsafely_ignore_certificate_errors.clone(),
|
||||
));
|
||||
Ok(())
|
||||
})
|
||||
|
|
|
@ -9,7 +9,7 @@ use crate::resolve_addr::resolve_addr;
|
|||
use crate::resolve_addr::resolve_addr_sync;
|
||||
use crate::DefaultTlsOptions;
|
||||
use crate::NetPermissions;
|
||||
use crate::UnsafelyTreatInsecureOriginAsSecure;
|
||||
use crate::UnsafelyIgnoreCertificateErrors;
|
||||
use deno_core::error::bad_resource;
|
||||
use deno_core::error::bad_resource_id;
|
||||
use deno_core::error::custom_error;
|
||||
|
@ -761,9 +761,9 @@ where
|
|||
};
|
||||
let port = args.port;
|
||||
let cert_file = args.cert_file.as_deref();
|
||||
let unsafely_treat_insecure_origin_as_secure = state
|
||||
let unsafely_ignore_certificate_errors = state
|
||||
.borrow()
|
||||
.borrow::<UnsafelyTreatInsecureOriginAsSecure>()
|
||||
.borrow::<UnsafelyIgnoreCertificateErrors>()
|
||||
.0
|
||||
.clone();
|
||||
|
||||
|
@ -810,7 +810,7 @@ where
|
|||
let mut tls_config = create_client_config(
|
||||
root_cert_store,
|
||||
ca_data,
|
||||
unsafely_treat_insecure_origin_as_secure,
|
||||
unsafely_ignore_certificate_errors,
|
||||
)?;
|
||||
|
||||
if args.cert_chain.is_some() || args.private_key.is_some() {
|
||||
|
|
|
@ -125,7 +125,7 @@ pub fn create_default_root_cert_store() -> RootCertStore {
|
|||
pub fn create_client_config(
|
||||
root_cert_store: Option<RootCertStore>,
|
||||
ca_data: Option<Vec<u8>>,
|
||||
unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
) -> Result<ClientConfig, AnyError> {
|
||||
let mut tls_config = ClientConfig::new();
|
||||
tls_config.set_persistence(CLIENT_SESSION_MEMORY_CACHE.clone());
|
||||
|
@ -141,7 +141,7 @@ pub fn create_client_config(
|
|||
}
|
||||
}
|
||||
|
||||
if let Some(ic_allowlist) = unsafely_treat_insecure_origin_as_secure {
|
||||
if let Some(ic_allowlist) = unsafely_ignore_certificate_errors {
|
||||
tls_config.dangerous().set_certificate_verifier(Arc::new(
|
||||
NoCertificateVerification(ic_allowlist),
|
||||
));
|
||||
|
@ -157,12 +157,12 @@ pub fn create_http_client(
|
|||
root_cert_store: Option<RootCertStore>,
|
||||
ca_data: Option<Vec<u8>>,
|
||||
proxy: Option<Proxy>,
|
||||
unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
) -> Result<Client, AnyError> {
|
||||
let tls_config = create_client_config(
|
||||
root_cert_store,
|
||||
ca_data,
|
||||
unsafely_treat_insecure_origin_as_secure,
|
||||
unsafely_ignore_certificate_errors,
|
||||
)?;
|
||||
let mut headers = HeaderMap::new();
|
||||
headers.insert(USER_AGENT, user_agent.parse().unwrap());
|
||||
|
|
|
@ -54,11 +54,11 @@ pub trait WebSocketPermissions {
|
|||
fn check_net_url(&mut self, _url: &url::Url) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
/// `UnsafelyTreatInsecureOriginAsSecure` is a wrapper struct so it can be placed inside `GothamState`;
|
||||
/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
|
||||
/// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
|
||||
/// that there might be another type alias pointing to a `Option<Vec<String>>`, which
|
||||
/// would override previously used alias.
|
||||
pub struct UnsafelyTreatInsecureOriginAsSecure(Option<Vec<String>>);
|
||||
pub struct UnsafelyIgnoreCertificateErrors(Option<Vec<String>>);
|
||||
|
||||
/// For use with `op_websocket_*` when the user does not want permissions.
|
||||
pub struct NoWebSocketPermissions;
|
||||
|
@ -223,9 +223,9 @@ where
|
|||
);
|
||||
}
|
||||
|
||||
let unsafely_treat_insecure_origin_as_secure = state
|
||||
let unsafely_ignore_certificate_errors = state
|
||||
.borrow()
|
||||
.borrow::<UnsafelyTreatInsecureOriginAsSecure>()
|
||||
.borrow::<UnsafelyIgnoreCertificateErrors>()
|
||||
.0
|
||||
.clone();
|
||||
let root_cert_store = state.borrow().borrow::<WsRootStore>().0.clone();
|
||||
|
@ -255,7 +255,7 @@ where
|
|||
let tls_config = create_client_config(
|
||||
root_cert_store,
|
||||
None,
|
||||
unsafely_treat_insecure_origin_as_secure,
|
||||
unsafely_ignore_certificate_errors,
|
||||
)?;
|
||||
let tls_connector = TlsConnector::from(Arc::new(tls_config));
|
||||
let dnsname = DNSNameRef::try_from_ascii_str(domain)
|
||||
|
@ -430,7 +430,7 @@ pub async fn op_ws_next_event(
|
|||
pub fn init<P: WebSocketPermissions + 'static>(
|
||||
user_agent: String,
|
||||
root_cert_store: Option<RootCertStore>,
|
||||
unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
) -> Extension {
|
||||
Extension::builder()
|
||||
.js(include_js_files!(
|
||||
|
@ -450,8 +450,8 @@ pub fn init<P: WebSocketPermissions + 'static>(
|
|||
])
|
||||
.state(move |state| {
|
||||
state.put::<WsUserAgent>(WsUserAgent(user_agent.clone()));
|
||||
state.put(UnsafelyTreatInsecureOriginAsSecure(
|
||||
unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
state.put(UnsafelyIgnoreCertificateErrors(
|
||||
unsafely_ignore_certificate_errors.clone(),
|
||||
));
|
||||
state.put::<WsRootStore>(WsRootStore(root_cert_store.clone()));
|
||||
Ok(())
|
||||
|
|
|
@ -27,7 +27,7 @@ async fn main() -> Result<(), AnyError> {
|
|||
args: vec![],
|
||||
debug_flag: false,
|
||||
unstable: false,
|
||||
unsafely_treat_insecure_origin_as_secure: None,
|
||||
unsafely_ignore_certificate_errors: None,
|
||||
root_cert_store: None,
|
||||
user_agent: "hello_runtime".to_string(),
|
||||
seed: None,
|
||||
|
|
|
@ -253,7 +253,7 @@ pub struct WebWorkerOptions {
|
|||
pub args: Vec<String>,
|
||||
pub debug_flag: bool,
|
||||
pub unstable: bool,
|
||||
pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
pub root_cert_store: Option<RootCertStore>,
|
||||
pub user_agent: String,
|
||||
pub seed: Option<u64>,
|
||||
|
@ -305,12 +305,12 @@ impl WebWorker {
|
|||
options.root_cert_store.clone(),
|
||||
None,
|
||||
None,
|
||||
options.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
deno_websocket::init::<Permissions>(
|
||||
options.user_agent.clone(),
|
||||
options.root_cert_store.clone(),
|
||||
options.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
deno_broadcast_channel::init(
|
||||
options.broadcast_channel.clone(),
|
||||
|
@ -344,7 +344,7 @@ impl WebWorker {
|
|||
deno_net::init::<Permissions>(
|
||||
options.root_cert_store.clone(),
|
||||
options.unstable,
|
||||
options.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
ops::os::init(),
|
||||
ops::permissions::init(),
|
||||
|
|
|
@ -50,7 +50,7 @@ pub struct WorkerOptions {
|
|||
pub args: Vec<String>,
|
||||
pub debug_flag: bool,
|
||||
pub unstable: bool,
|
||||
pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
|
||||
pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
||||
pub root_cert_store: Option<RootCertStore>,
|
||||
pub user_agent: String,
|
||||
pub seed: Option<u64>,
|
||||
|
@ -104,12 +104,12 @@ impl MainWorker {
|
|||
options.root_cert_store.clone(),
|
||||
None,
|
||||
None,
|
||||
options.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
deno_websocket::init::<Permissions>(
|
||||
options.user_agent.clone(),
|
||||
options.root_cert_store.clone(),
|
||||
options.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
deno_webstorage::init(options.origin_storage_dir.clone()),
|
||||
deno_crypto::init(options.seed),
|
||||
|
@ -134,7 +134,7 @@ impl MainWorker {
|
|||
deno_net::init::<Permissions>(
|
||||
options.root_cert_store.clone(),
|
||||
options.unstable,
|
||||
options.unsafely_treat_insecure_origin_as_secure.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
ops::os::init(),
|
||||
ops::permissions::init(),
|
||||
|
@ -304,7 +304,7 @@ mod tests {
|
|||
args: vec![],
|
||||
debug_flag: false,
|
||||
unstable: false,
|
||||
unsafely_treat_insecure_origin_as_secure: None,
|
||||
unsafely_ignore_certificate_errors: None,
|
||||
root_cert_store: None,
|
||||
seed: None,
|
||||
js_error_create_fn: None,
|
||||
|
|
Loading…
Reference in a new issue