@forge/egress

2.3.02.3.1-next.0
out/egress/egress-filtering-service.js
out/egress/egress-filtering-service.js
+41
Index: package/out/egress/egress-filtering-service.js
===================================================================
--- package/out/egress/egress-filtering-service.js
+++ package/out/egress/egress-filtering-service.js
@@ -28,16 +28,57 @@
         }
         const parsedUrl = this.parseUrl(url);
         return this.allowedDomainExact(parsedUrl, this.URLs) || this.allowedDomainPattern(parsedUrl, this.wildcardDomains);
     }
+    isValidUrlCSP(url) {
+        if (this.allowsEverything) {
+            return true;
+        }
+        const parsedUrl = this.parseUrl(url);
+        return (this.allowedDomainExactAndPath(parsedUrl, this.URLs) ||
+            this.allowedDomainPatternAndPath(parsedUrl, this.wildcardDomains));
+    }
     allowedDomainExact(domain, allowList) {
         return allowList
             .filter((allowed) => allowed.protocol === domain.protocol)
             .some((url) => url.hostname === domain.hostname);
     }
+    allowedDomainExactAndPath(domain, allowList) {
+        return allowList
+            .filter((allowed) => this.protocolMatchesCSP(allowed.protocol, domain.protocol))
+            .filter((allowed) => allowed.hostname === domain.hostname)
+            .some((allowed) => this.pathMatches(allowed.pathname, domain.pathname));
+    }
     allowedDomainPattern(domain, allowList) {
         return allowList
             .filter((allowed) => allowed.protocol === domain.protocol)
             .some((pattern) => pattern.regex.test(domain.hostname));
     }
+    allowedDomainPatternAndPath(domain, allowList) {
+        return allowList
+            .filter((pattern) => this.protocolMatchesCSP(pattern.protocol, domain.protocol))
+            .filter((pattern) => pattern.regex.test(domain.hostname))
+            .some((allowed) => this.pathMatches(allowed.pathname, domain.pathname));
+    }
+    protocolMatchesCSP(allowedProtocol, requestProtocol) {
+        if (allowedProtocol === requestProtocol) {
+            return true;
+        }
+        if (allowedProtocol === 'http:' && requestProtocol === 'https:') {
+            return true;
+        }
+        if (allowedProtocol === 'ws:' && requestProtocol === 'wss:') {
+            return true;
+        }
+        return false;
+    }
+    pathMatches(allowedPath, requestPath) {
+        if (allowedPath === '/') {
+            return true;
+        }
+        if (allowedPath.endsWith('/')) {
+            return requestPath.startsWith(allowedPath);
+        }
+        return requestPath === allowedPath;
+    }
 }
 exports.EgressFilteringService = EgressFilteringService;