ringcentral / google-forms-notification-add-in / 9806321312

coverage: 94.862% (-0.3%) from 95.112%
9806321312

Pull #68

github

web-flow 
Merge 62972b365 into f4e53483d
Pull Request #68: misc: add referer checker and csp header

254 of 282 branches covered (90.07%)

Branch coverage included in aggregate %.

26 of 28 new or added lines in 4 files covered. (92.86%)

706 of 730 relevant lines covered (96.71%)

15.78 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.62
/src/server/lib/refererChecker.js
1 
function getOrigin(uri) {
2 
  if (!uri) {
85!
NEW
3 
    return null;
×
4 
  }
5 
  const url = new URL(uri);
85
6 
  return url.origin;
85
7 
}
8 










9



const KNOWN_REFERER_HOSTS = [




4





10



  getOrigin(process.env.APP_SERVER),










11



];










12












13



function refererChecker(req, res, next) {











14



  const referrer = req.get('Referer');




82






15



  if (!referrer) {





82






16



    res.status(403).send('No Referer');




1






17



    return;




1





18



  }











19



  const referrerOrigin = getOrigin(referrer);




81






20



  if (





81





21



    KNOWN_REFERER_HOSTS.find(host => {











22



      if (!host) {





81!






NEW


23



        return false;




×







24



      }











25



      return host === referrerOrigin;




81





26



    })










27



  ) {











28



    next();




80






29



    return;




80





30



  }











31



  res.status(403).send('Invalid Referer');




1





32



};










33













34



exports.refererChecker = refererChecker;




4



















    

  • 

    •