Fix origin validation check

Reviewed By: mweststrate Differential Revision: D35080146 fbshipit-source-id: 3b8353c23b7c9c2f537801513e518b5b23a11520
2022-03-24 09:49:16 -07:00
parent df018ebdcb
commit 04dfc91c51
2 changed files with 14 additions and 3 deletions
--- a/desktop/flipper-server-core/src/comms/BrowserServerWebSocket.tsx
+++ b/desktop/flipper-server-core/src/comms/BrowserServerWebSocket.tsx
@@ -18,6 +18,8 @@ import SecureServerWebSocket, {
 } from './SecureServerWebSocket';
 import {SecureClientQuery} from './ServerAdapter';
 import {ClientDescription, DeviceOS} from 'flipper-common';
+import {URL} from 'url';
+import {isFBBuild} from '../fb-stubs/constants';

 interface BrowserConnectionCtx extends SecureConnectionCtx {
  clientConnection?: BrowserClientConnection;
@@ -147,6 +149,15 @@ class BrowserServerWebSocket extends SecureServerWebSocket {

  protected verifyClient(): ws.VerifyClientCallbackSync {
    return (info: {origin: string; req: IncomingMessage; secure: boolean}) => {
+      if (isFBBuild) {
+        try {
+          const urlObj = new URL(info.origin);
+          if (urlObj.hostname.endsWith('.facebook.com')) {
+            return true;
+          }
+        } catch {}
+      }
+
      const ok = getFlipperServerConfig().validWebSocketOrigins.some(
        (validPrefix) => info.origin.startsWith(validPrefix),
      );