From 0d2c2993cb29a63a3dc7e798f9cda940d4f6e1e9 Mon Sep 17 00:00:00 2001
From: Andrew Paseltiner
Date: Wed, 11 Dec 2024 09:31:46 -0500
Subject: [PATCH] Use more precise warning when public suffix is used as a destination (#1477)
---
 ts/src/header-validator/source.test.ts | 10 ++++++++++
 ts/src/header-validator/validate.ts | 16 ++++++++++------
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/ts/src/header-validator/source.test.ts b/ts/src/header-validator/source.test.ts
index d6cba708ef..9d75a45e14 100644
--- a/ts/src/header-validator/source.test.ts
+++ b/ts/src/header-validator/source.test.ts
@@ -283,6 +283,16 @@ const testCases: TestCase[] = [
 },
 ],
 },
+ {
+ name: 'destination-uses-public-suffix',
+ input: `{"destination": "https://com"}`,
+ expectedWarnings: [
+ {
+ msg: 'com is a public suffix: only triggers from https://com itself will match, not e.g. https://example.com',
+ path: ['destination'],
+ },
+ ],
+ },
 {
 name: 'filter-data-wrong-type',
diff --git a/ts/src/header-validator/validate.ts b/ts/src/header-validator/validate.ts
index d3d9fdb237..d728e86d33 100644
--- a/ts/src/header-validator/validate.ts
+++ b/ts/src/header-validator/validate.ts
@@ -375,10 +375,14 @@ export function suitableOrigin(s: string, ctx: Context): Maybe {
 }
 export function suitableSite(s: string, ctx: Context): Maybe {
- return suitableScope(
- s,
- ctx,
- 'site',
- (u) => `${u.protocol}//${psl.get(u.hostname)}`
- )
+ return suitableScope(s, ctx, 'site', (u) => {
+ let site = psl.get(u.hostname)
+ if (site === null) {
+ ctx.warning(
+ `${u.hostname} is a public suffix: only triggers from ${u.protocol}//${u.hostname} itself will match, not e.g. ${u.protocol}//example.${u.hostname}`
+ )
+ site = u.hostname
+ }
+ return `${u.protocol}//${site}`
+ })
 }
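Review bot: In `suitableSite`, the `site === null` branch treats every null from `psl.get` as proof that the hostname is a public suffix. As far as I recall, `psl.get` also returns null when it cannot derive a registrable domain for other reasons (a single-label host that is not on the list, such as `localhost`, or a hostname that fails its own validation). In those cases the warning would state something untrue about how the destination is matched, and the `site = u.hostname` fallback would apply to them under the wrong explanation. Developers read this validator's output to judge how broadly a destination matches, so the suffix case is worth confirming before warning, for example `if (site === null && psl.parse(u.hostname).listed)` (assuming the `listed` flag on psl's parse result behaves as documented), with a neutral message for the remaining null cases. A companion case next to `destination-uses-public-suffix` in source.test.ts with a destination such as `http://localhost` would pin whichever behaviour is intended.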