Add whitelistHosts option.

cypress-io · Mar 13, 2018 · 5664efb · 5664efb
1 parent 1251fce
commit 5664efb
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 5 deletions.
diff --git a/cli/schema/cypress.schema.json b/cli/schema/cypress.schema.json
@@ -147,6 +147,14 @@
       "default": null,
       "description": "A String or Array of hosts that you wish to block traffic for. Please read the notes for examples on using this https://on.cypress.io/configuration#blacklistHosts"
     },
+    "whitelistHosts": {
+      "type": ["string", "array"],
+      "items": {
+        "type": "string"
+      },
+      "default": null,
+      "description": "A String or Array of hosts that you wish to allow traffic for. Please read the notes for examples on using this https://on.cypress.io/configuration#whitelistHosts"
+    },
     "modifyObstructiveCode": {
       "type": "boolean",
       "default": true,

diff --git a/packages/server/lib/config.coffee b/packages/server/lib/config.coffee
@@ -45,7 +45,8 @@ configKeys = toWords """
   testFiles                       execTimeout
   trashAssetsBeforeHeadlessRuns   pageLoadTimeout
   blacklistHosts                  requestTimeout
-  userAgent                       responseTimeout
+  whitelistHosts                  responseTimeout
+  userAgent
   viewportWidth
   viewportHeight
   videoRecording
@@ -87,6 +88,7 @@ defaults = {
   reporter:                      "spec"
   reporterOptions:               null
   blacklistHosts:                null
+  whitelistHosts:                null
   clientRoute:                   "/__/"
   xhrRoute:                      "/xhrs/"
   socketIoRoute:                 "/__socket.io"
@@ -130,6 +132,7 @@ validationRules = {
   animationDistanceThreshold: v.isNumber
   baseUrl: v.isFullyQualifiedUrl
   blacklistHosts: v.isStringOrArrayOfStrings
+  whitelistHosts: v.isStringOrArrayOfStrings
   modifyObstructiveCode: v.isBoolean
   chromeWebSecurity: v.isBoolean
   defaultCommandTimeout: v.isNumber
@@ -245,6 +248,9 @@ module.exports = {
     if blacklistHosts = config.blacklistHosts
       config.blacklistHosts = toArrayFromPipes(blacklistHosts)
 
+    if whitelistHosts = config.whitelistHosts
+      config.whitelistHosts = toArrayFromPipes(whitelistHosts)
+
     ## when headless
     if config.isTextTerminal
       ## dont ever watch for file changes

diff --git a/packages/server/lib/controllers/proxy.coffee b/packages/server/lib/controllers/proxy.coffee
@@ -75,6 +75,20 @@ module.exports = {
 
         return res.status(503).end()
 
+    ## if we have white listed hosts
+    if wlh = config.whitelistHosts
+      ## and url does not match any of our whitelisted hosts
+      if not matched = blacklist.matches(req.proxiedUrl, wlh)
+        ## then bail and return with 503
+        ## and set a custom header
+        res.set("x-cypress-not-matched-whitelisted-host", '1')
+
+        debug("blacklisting request %o as not on whitelist", {
+          url: req.proxiedUrl
+        })
+
+        return res.status(503).end()
+
     thr = through (d) -> @queue(d)
 
     @getHttpContent(thr, req, res, remoteState, config, request)

diff --git a/packages/server/lib/server.coffee b/packages/server/lib/server.coffee
@@ -134,7 +134,7 @@ class Server
 
   createServer: (app, config, request) ->
     new Promise (resolve, reject) =>
-      {port, fileServerFolder, socketIoRoute, baseUrl, blacklistHosts} = config
+      {port, fileServerFolder, socketIoRoute, baseUrl, blacklistHosts, whitelistHosts} = config
 
       @_server  = http.createServer(app)
       @_wsProxy = httpProxy.createProxyServer()
@@ -190,6 +190,11 @@ class Server
 
               debug("HTTPS request #{urlToCheck} matches blacklist?", isMatching)
 
+            if whitelistHosts and not isMatching
+              isMatching = not blacklist.matches(urlToCheck, whitelistHosts)
+
+              debug("HTTPS request #{urlToCheck} does not match whitelist?", isMatching)
+
             ## make a direct connection only if
             ## our req url does not match the origin policy
             ## which is the superDomain + port

diff --git a/packages/server/lib/util/blacklist.coffee b/packages/server/lib/util/blacklist.coffee
@@ -16,9 +16,9 @@ stripProtocolAndDefaultPorts = (urlToCheck) ->
   ## else return the host
   return host
 
-matches = (urlToCheck, blacklistHosts) ->
+matches = (urlToCheck, listHosts) ->
   ## normalize into flat array
-  blacklistHosts = [].concat(blacklistHosts)
+  listHosts = [].concat(listHosts)
 
   urlToCheck = stripProtocolAndDefaultPorts(urlToCheck)
 
@@ -27,7 +27,7 @@ matches = (urlToCheck, blacklistHosts) ->
     ## to see if any match
     minimatch(urlToCheck, hostMatcher)
 
-  _.find(blacklistHosts, matchUrl)
+  _.find(listHosts, matchUrl)
 
 
 module.exports = {