fix: enterprise requests getting blocked by CSP. Require HTTPS

freaktechnik · freaktechnik · commit 919c380662fd · 2018-04-18T20:39:37.000+02:00
diff --git a/_locales/en/messages.json b/_locales/en/messages.json
@@ -130,6 +130,9 @@
     "account_enterprise-preconfig": {
         "message": "GitHub Enterprise ($1)"
     },
+    "account_enterprise-pat": {
+        "message": "GitHub Enterprise (Personal access token)"
+    },
     "addAccount": {
         "message": "Add account"
     },
diff --git a/manifest.json b/manifest.json
@@ -34,7 +34,7 @@
             }
         ]
     },
-    "content_security_policy": "default-src 'self'; connect-src https://api.github.com https://github.com; object-src 'none'; img-src 'self' data:",
+    "content_security_policy": "default-src 'self'; connect-src https://api.github.com https://github.com https://*; object-src 'none'; img-src 'self' data:",
     "default_locale": "en",
     "description": "__MSG_description__",
     "name": "__MSG_name__",
diff --git a/options.html b/options.html
@@ -36,7 +36,7 @@
                     </p>
                     <p class="browser-style">
                         <label for="enterprise-url" data-l10n-id="instanceURL">Instance URL</label>
-                        <input type="url" id="enterprise-url" class="browser-style" name="instanceURL" disabled>
+                        <input type="url" id="enterprise-url" class="browser-style" name="instanceURL" pattern="https://.+" placeholder="https://example.com" disabled>
                     </p>
                     <small data-l10n-id="enterprise_redirect">The redirect URL is "https://localhost/github-auth"</small>
                 </fieldset>
@@ -56,7 +56,7 @@
                     </p>
                     <p class="browser-style">
                         <label for="enterprise-pat-url" data-l10n-id="instanceURL">Instance URL</label>
-                        <input type="url" id="enterprise-pat-url" class="browser-style" name="instanceURL" disabled>
+                        <input type="url" id="enterprise-pat-url" class="browser-style" name="instanceURL" pattern="https://.+" placeholder="https://example.com" disabled>
                     </p>
                 </fieldset>
                 <button class="browser-style" type="submit" data-l10n-id="addAccount">Add account</button>
diff --git a/scripts/options.js b/scripts/options.js
@@ -150,10 +150,6 @@ class AccountManager extends window.StorageManager {
             }
 
             if(type === 'enterprise') {
-                if(!details.instanceURL.startsWith('https:')) {
-                    this.showError("Instance must be reachable via HTTPS for OAuth");
-                    return;
-                }
                 let permissionURL = details.instanceURL;
                 if(!permissionURL.endsWith('/')) {
                     permissionURL += '/';

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`	`}`
`35`	`35`	`]`
`36`	`36`	`},`
`37`		`- "content_security_policy": "default-src 'self'; connect-src https://api.github.com https://github.com; object-src 'none'; img-src 'self' data:",`
	`37`	`+ "content_security_policy": "default-src 'self'; connect-src https://api.github.com https://github.com https://*; object-src 'none'; img-src 'self' data:",`
`38`	`38`	`"default_locale": "en",`
`39`	`39`	`"description": "__MSG_description__",`
`40`	`40`	`"name": "__MSG_name__",`