ringcentral / bugsnag-notification-app / 9834264886

coverage: 89.386% (-0.1%) from 89.485%
9834264886

push

github

web-flow 
misc: add referer checker and csp header (#72)

242 of 297 branches covered (81.48%)

Branch coverage included in aggregate %.

20 of 22 new or added lines in 3 files covered. (90.91%)

617 of 664 relevant lines covered (92.92%)

17.55 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.62
/src/server/utils/refererChecker.js
1 
function getOrigin(uri) {
2 
  if (!uri) {
15!
NEW
3 
    return null;
×
4 
  }
5 
  const url = new URL(uri);
15
6 
  return url.origin;
15
7 
}
8 










9



const KNOWN_REFERER_HOSTS = [




5





10



  getOrigin(process.env.APP_SERVER),










11



  getOrigin(process.env.RINGCENTRAL_CHATBOT_SERVER),










12



];










13












14



function refererChecker(req, res, next) {











15



  const referrer = req.get('Referer');




6






16



  if (!referrer) {





6






17



    res.status(403).send('No Referer');




1






18



    return;




1





19



  }











20



  const referrerOrigin = getOrigin(referrer);




5






21



  if (





5





22



    KNOWN_REFERER_HOSTS.find(host => {











23



      if (!host) {





6!






NEW


24



        return false;




×







25



      }











26



      return host === referrerOrigin;




6





27



    })










28



  ) {











29



    next();




4






30



    return;




4





31



  }











32



  res.status(403).send('Invalid Referer');




1





33



};










34













35



exports.refererChecker = refererChecker;




5



















    

  • 

    •