Add warning for insecure HTTP

This commit is contained in:
rugk 2019-02-13 11:59:07 +01:00
parent 48560e3d60
commit ba3efefc7b

View File

@ -4436,6 +4436,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
TopNav.init();
UiHelper.init();
Uploader.init();
InitialCheck.init();
// check whether existing paste needs to be shown
try {
@ -4465,6 +4466,70 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
return me;
})(window, document);
/**
* initial (security) check
*
* @name InitialCheck
* @param {object} window
* @param {object} document
* @class
*/
var InitialCheck = (function (window, document) {
var me = {};
/**
* check if the connection is insecure
*
* @private
* @name InitialCheck.isInsecureConnection
* @function
*/
function isInsecureConnection()
{
const url = new URL(document.URL);
// HTTP is obviously insecure
if (url.protocol !== 'http:') {
return false;
}
// filter out actually secure connections over HTTP
if (
url.hostname.endsWith('.onion') ||
url.hostname.endsWith('.i2p')
) {
return false;
}
// whitelist localhost for development
if (
url.hostname === 'localhost' ||
url.hostname === '127.0.0.1'
) {
return false;
}
// totally INSECURE http protocol!
return true;
}
/**
* init on application start
*
* @name InitialCheck.init
* @function
*/
me.init = function()
{
if (isInsecureConnection()) {
Alert.showError('This instance is using an insecure connection! Please only use this for testing.');
}
}
return me;
})(window, document);
return {
Helper: Helper,
I18n: I18n,