authorTheAifam5 <theaifam5@gmail.com>2021-08-09 16:53:21 +0200
committerGitHub <noreply@github.com>2021-08-09 16:53:21 +0200
commit353a4a1af3165b2c59319865350d70a99105269c (patch)
tree32eb71ccef95552bd4ec4af176b7ddcfe51d172c /extensions/websocket/lib.rs
parent3ab50b355141f744a0acec1a5cc3b3b95247d4b1 (diff)
feat: Add --unsafely-treat-insecure-origin-as-secure flag to disable SSL verification (#11324)
This commit adds the "--unsafely-treat-insecure-origin-as-secure" flag, which disables SSL verification for all domains, or only for specific domains if they are passed as an argument to the flag. Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Diffstat (limited to 'extensions/websocket/lib.rs')
-rw-r--r--extensions/websocket/lib.rs21
1 files changed, 20 insertions, 1 deletions
diff --git a/extensions/websocket/lib.rs b/extensions/websocket/lib.rs
index 01f0a523d..896a5f2e2 100644
--- a/extensions/websocket/lib.rs
+++ b/extensions/websocket/lib.rs
@@ -54,6 +54,12 @@ pub trait WebSocketPermissions {
fn check_net_url(&mut self, _url: &url::Url) -> Result<(), AnyError>;
}
+/// `UnsafelyTreatInsecureOriginAsSecure` is a wrapper struct so it can be placed inside `GothamState`;
+/// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
+/// that there might be another type alias pointing to a `Option<Vec<String>>`, which
+/// would override previously used alias.
+pub struct UnsafelyTreatInsecureOriginAsSecure(Option<Vec<String>>);
+
/// For use with `op_websocket_*` when the user does not want permissions.
pub struct NoWebSocketPermissions;
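Review bot: The doc comment on `UnsafelyTreatInsecureOriginAsSecure` explains why a wrapper type is used but not what its possible values mean, and this value decides whether TLS certificate verification runs. Going by the commit description, `None` presumably leaves verification on, an empty list turns it off for every host, and a non-empty list turns it off only for the listed hosts. If that is right, state it in the doc, e.g. `/// None = verify every certificate; Some(vec![]) = verify none; Some(hosts) = skip verification only for those hosts.` The empty-list case deserves an explicit mention, since a caller that builds the list from configuration and ends up with no entries would disable verification globally. The same wording belongs on the new `unsafely_treat_insecure_origin_as_secure` parameter of `init` in the `@@ -377,6 +392,7 @@` hunk.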
@@ -197,6 +203,11 @@ where
);
}
+ let unsafely_treat_insecure_origin_as_secure = state
+ .borrow()
+ .borrow::<UnsafelyTreatInsecureOriginAsSecure>()
+ .0
+ .clone();
let root_cert_store = state.borrow().borrow::<WsRootStore>().0.clone();
let user_agent = state.borrow().borrow::<WsUserAgent>().0.clone();
let uri: Uri = args.url.parse()?;
@@ -221,7 +232,11 @@ where
let socket: MaybeTlsStream<TcpStream> = match uri.scheme_str() {
Some("ws") => MaybeTlsStream::Plain(tcp_socket),
Some("wss") => {
- let tls_config = create_client_config(root_cert_store, None)?;
+ let tls_config = create_client_config(
+ root_cert_store,
+ None,
+ unsafely_treat_insecure_origin_as_secure,
+ )?;
let tls_connector = TlsConnector::from(Arc::new(tls_config));
let dnsname = DNSNameRef::try_from_ascii_str(domain)
.map_err(|_| invalid_hostname(domain))?;
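Review bot: Nothing at this call site tells a reader that the `wss` branch may now connect without validating the server certificate. The whole list is passed as the third argument to `create_client_config`, and how its entries are matched against `domain` is decided inside that function, which this diff does not show. A comment above the call would help, for example `// Certificate verification is skipped for hosts selected by --unsafely-treat-insecure-origin-as-secure; see create_client_config.` It is also worth confirming there that entries are compared against the same normalized host name that is passed to `DNSNameRef::try_from_ascii_str(domain)` (case, trailing dot, no port), so the exemption covers exactly the hosts the user named. The enclosing function starts and ends outside this hunk.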
@@ -377,6 +392,7 @@ pub async fn op_ws_next_event(
pub fn init<P: WebSocketPermissions + 'static>(
user_agent: String,
root_cert_store: Option<RootCertStore>,
+ unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
) -> Extension {
Extension::builder()
.js(include_js_files!(
@@ -395,6 +411,9 @@ pub fn init<P: WebSocketPermissions + 'static>(
])
.state(move |state| {
state.put::<WsUserAgent>(WsUserAgent(user_agent.clone()));
+ state.put(UnsafelyTreatInsecureOriginAsSecure(
+ unsafely_treat_insecure_origin_as_secure.clone(),
+ ));
state.put::<WsRootStore>(WsRootStore(root_cert_store.clone()));
Ok(())
})