github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 01:33:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(browser): unify SSRF guard path for navigation

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 13:43:48 +01:00
parent 3c419b7bd3
commit 6195660b1a
15 changed files with 269 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/browser/navigation-guard.ts Normal file
View File

@@ -0,0 +1,28 @@
import { resolvePinnedHostnameWithPolicy, type SsrFPolicy } from "../infra/net/ssrf.js";
const NETWORK_NAVIGATION_PROTOCOLS = new Set(["http:", "https:"]);
export async function assertBrowserNavigationAllowed(opts: {
url: string;
ssrfPolicy?: SsrFPolicy;
}): Promise<void> {
const rawUrl = String(opts.url ?? "").trim();
if (!rawUrl) {
throw new Error("url is required");
}
let parsed: URL;
try {
parsed = new URL(rawUrl);
} catch {
throw new Error(`Invalid URL: ${rawUrl}`);
}
if (!NETWORK_NAVIGATION_PROTOCOLS.has(parsed.protocol)) {
return;
}
await resolvePinnedHostnameWithPolicy(parsed.hostname, {
policy: opts.ssrfPolicy,
});
}