Fix #708 - Open PayPal inside the Facebook when donating #755

Open
wants to merge 1 commit into
base: main
47 changes: 36 additions & 11 deletions src/background.js
@@ -247,7 +247,7 @@ async function maybeReopenTab (url, tab, request) {
// We don't reopen MAC assigned urls
return;
}
const cookieStoreId = await shouldContainInto(url, tab);
const cookieStoreId = await shouldContainInto(url, tab, request);
if (!cookieStoreId) {
// Tab doesn't need to be contained
return;
@@ -291,17 +291,16 @@ function getRootDomain(url) {

}

function topFrameUrlIsFacebookApps(frameAncestorsArray) {
if (!frameAncestorsArray || frameAncestorsArray.length === 0) {
function topFrameUrlMatcher(frameAncestorsArray, allowedDomain) {
if (!frameAncestorsArray || !allowedDomain || frameAncestorsArray.length === 0) {
// No frame ancestor return false
return false;
}

const appsFacebookURL = "https://apps.facebook.com";
const frameAncestorsURL = frameAncestorsArray[0].url;

if (!frameAncestorsURL.startsWith(appsFacebookURL)) {
// Only allow frame ancestors that originate from apps.facebook.com
if (!frameAncestorsURL.startsWith(allowedDomain)) {
// Only allow frame ancestors that originate from matched URL
return false;
}

@@ -318,6 +317,18 @@ function isFacebookURL (url) {
return false;
}

function isPayPalURL (url) {
// TODO: Determine if we need to limit to just www, or wildecard the subdomain
// Test for any URLs that match paypalobjects.com or paypal.com
const parsedUrl = new URL(url);
const payPalRegex = new RegExp("^(.*\\.)?paypal.com$");
const payPalObjectsRegex = new RegExp("^(.*\\.)?paypalobjects.com$");
if (payPalRegex.test(parsedUrl.host) || payPalObjectsRegex.test(parsedUrl.host)) {
return true;
}
return false;
}

// TODO: refactor parsedUrl "up" so new URL doesn't have to be called so much
// TODO: refactor fbcStorage "up" so browser.storage.local.get doesn't have to be called so much
async function addDomainToFacebookContainer (url) {
@@ -343,15 +354,18 @@ async function isAddedToFacebookContainer (url) {
return false;
}

async function shouldContainInto (url, tab) {
async function shouldContainInto (url, tab, request) {
if (!url.startsWith("http")) {
// we only handle URLs starting with http(s)
return false;
}

const hasBeenAddedToFacebookContainer = await isAddedToFacebookContainer(url);

if (isFacebookURL(url) || hasBeenAddedToFacebookContainer) {
// Github #708 - This logic allows payment services opened from Facebook to stay inside Facebook Container
const frameAncestorUrlIsFacebookDonate = topFrameUrlMatcher(request.originUrl, "https://facebook.com/donate");

if (isFacebookURL(url) || hasBeenAddedToFacebookContainer || frameAncestorUrlIsFacebookDonate) {
if (tab.cookieStoreId !== facebookCookieStoreId) {
// Facebook-URL outside of Facebook Container Tab
// Should contain into Facebook Container
@@ -525,8 +539,10 @@ async function blockFacebookSubResources (requestDetails) {
}

const urlIsFacebook = isFacebookURL(requestDetails.url);
// If this request isn't going to Facebook, let's return {} ASAP
if (!urlIsFacebook) {
const urlIsPayPal = isPayPalURL(requestDetails.url);

// If this request isn't going to Facebook or PayPal, let's return {} ASAP
if (!urlIsFacebook && !urlIsPayPal) {
return {};
}

@@ -539,7 +555,7 @@ async function blockFacebookSubResources (requestDetails) {
return {};
}

const frameAncestorUrlIsFacebookApps = topFrameUrlIsFacebookApps(requestDetails.frameAncestors);
const frameAncestorUrlIsFacebookApps = topFrameUrlMatcher(requestDetails.frameAncestors, "https://apps.facebook.com");

if (frameAncestorUrlIsFacebookApps) {
const message = {msg: "facebook-domain"};
@@ -548,6 +564,15 @@ async function blockFacebookSubResources (requestDetails) {
return {};
}

const frameAncestorUrlIsFacebookDonate = topFrameUrlMatcher(requestDetails.frameAncestors, "https://facebook.com/donate");

if (urlIsPayPal || frameAncestorUrlIsFacebookDonate) {
const message = {msg: "allowed-paypal-subresources"};
// Send the message to the content_script
browser.tabs.sendMessage(requestDetails.tabId, message);
return {};
}

const hasBeenAddedToFacebookContainer = await isAddedToFacebookContainer(requestDetails.originUrl);

if ( urlIsFacebook && !originUrlIsFacebook ) {
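Review bot: In `shouldContainInto`, the new call `topFrameUrlMatcher(request.originUrl, "https://facebook.com/donate")` hands a URL string to a helper that reads `frameAncestorsArray[0].url`, so for any request carrying an `originUrl` that lookup is `undefined` and `.startsWith` throws, while a caller that omits `request` fails on `request.originUrl` itself. Assuming `request` is the same webRequest details object used in `blockFacebookSubResources`, pass the ancestors list behind a guard: `topFrameUrlMatcher(request && request.frameAncestors, "https://facebook.com/donate")`. Since this match now feeds a containment decision, the helper's `startsWith(allowedDomain)` prefix test is also too loose: `"https://apps.facebook.com"` is a prefix of a constructed host such as `apps.facebook.com.example.net`, so compare `new URL(frameAncestorsURL).origin` for equality and check the path prefix separately. In `isPayPalURL` the dot before `com` is unescaped and `parsedUrl.host` includes any port; testing `/^(.*\.)?paypal\.com$/` and `/^(.*\.)?paypalobjects\.com$/` against `parsedUrl.hostname` is the stricter check. The remainder of `topFrameUrlMatcher` lies outside the visible hunk, so the points about it assume nothing later in its body changes the lookup.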