Merge pull request #10107 from appwrite/fix-origin-validation-extensions

fix: origin validation for web extensions

src/Appwrite/Network/Platform.php

@@ -24,6 +24,10 @@ class Platform
 
     public const SCHEME_HTTP = 'http';
     public const SCHEME_HTTPS = 'https';
+    public const SCHEME_CHROME_EXTENSION = 'chrome-extension';
+    public const SCHEME_FIREFOX_EXTENSION = 'moz-extension';
+    public const SCHEME_SAFARI_EXTENSION = 'safari-web-extension';
+    public const SCHEME_EDGE_EXTENSION = 'ms-browser-extension';
     public const SCHEME_IOS = 'appwrite-ios';
     public const SCHEME_MACOS = 'appwrite-macos';
     public const SCHEME_WATCHOS = 'appwrite-watchos';
@@ -45,6 +49,10 @@ class Platform
         self::SCHEME_ANDROID => 'Android',
         self::SCHEME_WINDOWS => 'Windows',
         self::SCHEME_LINUX => 'Linux',
+        self::SCHEME_CHROME_EXTENSION => 'Web (Chrome Extension)',
+        self::SCHEME_FIREFOX_EXTENSION => 'Web (Firefox Extension)',
+        self::SCHEME_SAFARI_EXTENSION => 'Web (Safari Extension)',
+        self::SCHEME_EDGE_EXTENSION => 'Web (Edge Extension)',
     ];
 
     /**

src/Appwrite/Network/Validator/Origin.php

@@ -42,7 +42,15 @@ class Origin extends Validator
         $this->scheme = $this->parseScheme($origin);
         $this->host = strtolower(parse_url($origin, PHP_URL_HOST) ?? '');
 
-        if (in_array($this->scheme, [Platform::SCHEME_HTTP, Platform::SCHEME_HTTPS], true)) {
+        $webPlatforms = [
+            Platform::SCHEME_HTTP,
+            Platform::SCHEME_HTTPS,
+            Platform::SCHEME_CHROME_EXTENSION,
+            Platform::SCHEME_FIREFOX_EXTENSION,
+            Platform::SCHEME_SAFARI_EXTENSION,
+            Platform::SCHEME_EDGE_EXTENSION,
+        ];
+        if (in_array($this->scheme, $webPlatforms, true)) {
             $validator = new Hostname($this->hostnames);
             return $validator->isValid($this->host);
         }

tests/unit/Network/Validators/OriginTest.php

@@ -94,5 +94,17 @@ class OriginTest extends TestCase
 
         $this->assertEquals(false, $validator->isValid('appwrite-windows://com.company.appname'));
         $this->assertEquals('Invalid Origin. Register your new client (com.company.appname) as a new Windows platform on your project console dashboard', $validator->getDescription());
+
+        $this->assertEquals(false, $validator->isValid('chrome-extension://com.company.appname'));
+        $this->assertEquals('Invalid Origin. Register your new client (com.company.appname) as a new Web (Chrome Extension) platform on your project console dashboard', $validator->getDescription());
+
+        $this->assertEquals(false, $validator->isValid('moz-extension://com.company.appname'));
+        $this->assertEquals('Invalid Origin. Register your new client (com.company.appname) as a new Web (Firefox Extension) platform on your project console dashboard', $validator->getDescription());
+
+        $this->assertEquals(false, $validator->isValid('safari-web-extension://com.company.appname'));
+        $this->assertEquals('Invalid Origin. Register your new client (com.company.appname) as a new Web (Safari Extension) platform on your project console dashboard', $validator->getDescription());
+
+        $this->assertEquals(false, $validator->isValid('ms-browser-extension://com.company.appname'));
+        $this->assertEquals('Invalid Origin. Register your new client (com.company.appname) as a new Web (Edge Extension) platform on your project console dashboard', $validator->getDescription());
     }
 }