From cf94a7680aa4f1cd516f87467957ec7e0fdf21ba Mon Sep 17 00:00:00 2001 From: "Vladimir.Y" <1560781+vladimiry@users.noreply.github.com> Date: Mon, 21 Feb 2022 18:16:46 +0300 Subject: [PATCH] make "/core/v4/captcha" API URL embeddable in iframe, closes #490 --- patches/protonmail/captcha-3.patch | 45 ++++++++++++++++++++++++-- src/electron-main/web-request/index.ts | 12 +++++++ 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/patches/protonmail/captcha-3.patch b/patches/protonmail/captcha-3.patch index bb8cdb5ed..d17626683 100644 --- a/patches/protonmail/captcha-3.patch +++ b/patches/protonmail/captcha-3.patch @@ -1,12 +1,53 @@ diff --git a/packages/components/containers/api/humanVerification/Captcha.tsx b/packages/components/containers/api/humanVerification/Captcha.tsx -index af1defc99..cbf37a9a3 100644 +index af1defc99..52b9928a2 100644 --- a/packages/components/containers/api/humanVerification/Captcha.tsx 
+++ b/packages/components/containers/api/humanVerification/Captcha.tsx -@@ -11,6 +11,7 @@ const getIframeUrl = (token: string, theme?: CaptchaTheme) => { +@@ -4,6 +4,7 @@ import { getApiSubdomainUrl } from '@proton/shared/lib/helpers/url'; + import { Loader } from '../../../components/loader'; + import { CaptchaTheme } from './interface'; + ++/* electron-mail mark */ + const getIframeUrl = (token: string, theme?: CaptchaTheme) => { + const url = getApiSubdomainUrl('/core/v4/captcha'); + url.searchParams.set('Token', token); +@@ -11,8 +12,10 @@ const getIframeUrl = (token: string, theme?: CaptchaTheme) => { if (theme === 'dark') { url.searchParams.set('Dark', 'true'); } + url.protocol = "https:"; return url; }; ++/* electron-mail mark */ + + interface Props { + token: string; + +diff --git a/packages/shared/lib/helpers/url.ts b/packages/shared/lib/helpers/url.ts +index c2fbd33da..d0c274c8c 100644 +--- a/packages/shared/lib/helpers/url.ts ++++ b/packages/shared/lib/helpers/url.ts +@@ -175,13 +175,16 @@ export const getSecondLevelDomain = (hostname: string) => { + return hostname.substr(hostname.indexOf('.') + 1); + }; + ++/* electron-mail mark */ + export const getRelativeApiHostname = (hostname: string) => { + const idx = hostname.indexOf('.'); + const first = hostname.substr(0, idx); + const second = hostname.substr(idx + 1); + return `${first}-api.${second}`; + }; ++/* electron-mail mark */ + ++/* electron-mail mark */ + export const getApiSubdomainUrl = (pathname: string) => { + const url = new URL('/', window.location.origin); + if (url.hostname === 'localhost') { +@@ -192,6 +195,7 @@ export const getApiSubdomainUrl = (pathname: string) => { + url.pathname = pathname; + return url; + }; ++/* electron-mail mark */ + export const getAppUrlFromApiUrl = (apiUrl: string, appName: APP_NAMES) => { + const { subdomain } = APPS_CONFIGURATION[appName]; 
diff --git a/src/electron-main/web-request/index.ts b/src/electron-main/web-request/index.ts index bde04d2bd..b78e213eb 100644 --- a/src/electron-main/web-request/index.ts +++ b/src/electron-main/web-request/index.ts @@ -224,6 +224,18 @@ export function initWebRequestListenersByAccount( patchCorsResponseHeaders(responseHeaders, corsProxy); } + if (new URL(details.url).pathname === "/core/v4/captcha") { + for (const headerName of Object.keys(responseHeaders)) { + const headerValues = responseHeaders[headerName]; + if (headerName.toLowerCase() !== "content-security-policy" || !headerValues) { + continue; + } + responseHeaders[headerName] = headerValues.map((headerValue) => { + return headerValue.replace(/(frame-ancestors|report-uri|report-to)[\s]+([^;]*)[;]?/gi, ""); + }); + } + } + patchSameSiteCookieRecord(responseHeaders); callback({responseHeaders});
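Review bot: The added `if (new URL(details.url).pathname === "/core/v4/captcha")` check matches on the path alone, so a response from any host that reaches this listener with that pathname loses `frame-ancestors`, which is the CSP directive that prevents the page from being framed by other origins. The body of `initWebRequestListenersByAccount` continues outside the hunk, so it cannot be confirmed here whether the listener is already limited to the account's API origin; if it is not, the condition should also compare the origin, e.g. `url.origin === <ACCOUNT_API_ORIGIN> && url.pathname === "/core/v4/captcha"`, with the placeholder replaced by the API entry point the function already holds. The regex is also not anchored to a directive boundary, so `/(^|;)\s*(frame-ancestors|report-uri|report-to)\s+[^;]*/gi` with `"$1"` as the replacement would avoid matching those names inside another directive's value. A one-line comment stating why `report-uri` and `report-to` are removed as well would help, because only `frame-ancestors` is needed for the iframe embedding named in the commit subject.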