From 42abc88e820e709c7c34e6afa817f27850942554 Mon Sep 17 00:00:00 2001
From: Jared Page
Date: Fri, 30 Aug 2024 10:11:33 +1000
Subject: [PATCH 1/4] Added file:/ to the list of excluded paths and string contains
---
 src/Browsershot.php | 4 ++--
 src/Exceptions/FileUrlNotAllowed.php | 2 +-
 src/Exceptions/HtmlIsNotAllowedToContainFile.php | 2 +-
 tests/BrowsershotTest.php | 8 ++++++++
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/Browsershot.php b/src/Browsershot.php
index d50ee04a..ae75955a 100644
--- a/src/Browsershot.php
+++ b/src/Browsershot.php
@@ -257,7 +257,7 @@ public function waitForSelector(string $selector, array $options = []): static
 public function setUrl(string $url): static
 {
- if (str_starts_with(strtolower($url), 'file://')) {
+ if (str_starts_with(strtolower($url), 'file://') || str_starts_with(strtolower($url), 'file:/')) {
 throw FileUrlNotAllowed::make();
 }
@@ -289,7 +289,7 @@ public function setProxyServer(string $proxyServer): static
 public function setHtml(string $html): static
 {
- if (str_contains(strtolower($html), 'file://')) {
+ if (str_contains(strtolower($html), 'file://') || str_contains(strtolower($html), 'file:/')) {
 throw HtmlIsNotAllowedToContainFile::make();
 }
diff --git a/src/Exceptions/FileUrlNotAllowed.php b/src/Exceptions/FileUrlNotAllowed.php
index 3cc3bce8..f7d922c2 100644
--- a/src/Exceptions/FileUrlNotAllowed.php
+++ b/src/Exceptions/FileUrlNotAllowed.php
@@ -8,6 +8,6 @@ class FileUrlNotAllowed extends Exception
 {
 public static function make(): static
 {
- return new static('An URL is not allow to start with file://');
+ return new static('An URL is not allow to start with file:// or file:/');
 }
 }
diff --git a/src/Exceptions/HtmlIsNotAllowedToContainFile.php b/src/Exceptions/HtmlIsNotAllowedToContainFile.php
index 8ba40540..be4b0516 100644
--- a/src/Exceptions/HtmlIsNotAllowedToContainFile.php
+++ b/src/Exceptions/HtmlIsNotAllowedToContainFile.php
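Review bot: The guards in `setUrl()` and `setHtml()` are still string deny-lists, and in both the new `file:/` test makes the existing `file://` test redundant, because every string that matches `file://` also matches `file:/`. A prefix or substring match only covers the spellings it lists, while the browser normalizes a URL before loading it, so for `setUrl()` an allow-list on the parsed scheme fails closed: `$scheme = strtolower((string) parse_url(trim($url), PHP_URL_SCHEME));` then `if (! in_array($scheme, ['http', 'https'], true)) { throw FileUrlNotAllowed::make(); }` (assuming callers do not depend on other schemes). In `setHtml()` the check runs on the raw markup before the browser parses it, so it cannot see a URL that only takes its final form at render time, and it also rejects harmless text that merely mentions `file:/`. A more dependable place to enforce this is the request handler in `bin/browser.cjs`, refusing any intercepted request whose URL uses the `file:` scheme. Both method bodies continue outside their hunks.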
@@ -8,6 +8,6 @@ class HtmlIsNotAllowedToContainFile extends Exception
 {
 public static function make(): static
 {
- return new static('The specified HTML contains `file://`. This is not allowed.');
+ return new static('The specified HTML contains `file://` or `file:/`. This is not allowed.');
 }
 }
diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
index baf6df2b..81ef0e8d 100644
--- a/tests/BrowsershotTest.php
+++ b/tests/BrowsershotTest.php
@@ -60,6 +60,14 @@ Browsershot::html('

');
 })->throws(HtmlIsNotAllowedToContainFile::class);
+it('will not allow a slightly malformed file url', function () {
+ Browsershot::url('file:/test');
+})->throws(FileUrlNotAllowed::class);
+
+it('will not allow html to contain file:/', function () {
+ Browsershot::html('

');
+})->throws(HtmlIsNotAllowedToContainFile::class);
+
 it('can take a high density screenshot', function () {
 $targetPath = __DIR__.'/temp/testScreenshot.png';
From d786b0cf3dd945a5d7c3f84b4617dd69eee72e68 Mon Sep 17 00:00:00 2001
From: Jared Page
Date: Fri, 30 Aug 2024 13:47:35 +1000
Subject: [PATCH 2/4] Added ability to disableRedirects
---
 CHANGELOG.md | 9 +++++++++
 bin/browser.cjs | 7 +++++++
 src/Browsershot.php | 5 +++++
 tests/BrowsershotTest.php | 20 ++++++++++++++++++++
 4 files changed, 41 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 29440ab5..a2ac2f2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 4.3.1 - 2024-08-30
+
+### What's Changed
+
+* Add check for `file:/` URL fetching by @JaredPage in https://github.com/spatie/browsershot/pull/xyz
+* Added the ability to disable redirects via the `disableRedirects` method by @JaredPage in https://github.com/spatie/browsershot/pull/xyz
+
+**Full Changelog**: https://github.com/spatie/browsershot/compare/4.3.0...4.3.1
+
 ## 4.3.0 - 2024-08-22
 ### What's Changed
diff --git a/bin/browser.cjs b/bin/browser.cjs
index 9d5b26d0..a9d74d46 100644
--- a/bin/browser.cjs
+++ b/bin/browser.cjs
@@ -191,6 +191,13 @@ const callChrome = async pup => {
 }
 }
+ if (request.options && request.options.disableRedirects) {
+ if (interceptedRequest.isNavigationRequest() && interceptedRequest.redirectChain().length) {
+ interceptedRequest.abort();
+ return
+ }
+ }
+
 if (request.options && request.options.extraNavigationHTTPHeaders) {
 // Do nothing in case of non-navigation requests.
 if (interceptedRequest.isNavigationRequest()) {
diff --git a/src/Browsershot.php b/src/Browsershot.php
index ae75955a..7a699ec9 100644
--- a/src/Browsershot.php
+++ b/src/Browsershot.php
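Review bot: The new `disableRedirects` branch only aborts when `interceptedRequest.isNavigationRequest()` is true, so HTTP redirects on sub-resource requests (images, scripts, stylesheets, fetch) are still followed. If the option is meant to keep the renderer away from hosts that are not allowed, as the documentation added later in this series says, consider dropping the navigation test: `if (interceptedRequest.redirectChain().length) { interceptedRequest.abort(); return; }`. If navigation-only is intended, say so above the branch, e.g. `// Blocks HTTP redirects of navigation requests only; sub-resource redirects and client-side navigations are not affected.` The bare `return` also lacks the semicolon used on the line before it. The request handler starts and ends outside the hunk.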
@@ -472,6 +472,11 @@ public function blockDomains($array): static
 return $this->setOption('blockDomains', $array);
 }
+ public function disableRedirects(): static
+ {
+ return $this->setOption('disableRedirects', true);
+ }
+
 public function pages(string $pages): static
 {
 return $this->setOption('pageRanges', $pages);
diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
index 81ef0e8d..35e906fe 100644
--- a/tests/BrowsershotTest.php
+++ b/tests/BrowsershotTest.php
@@ -68,6 +68,26 @@ Browsershot::html('

');
 })->throws(HtmlIsNotAllowedToContainFile::class);
+it('no redirects - will not follow redirects', function () {
+ $targetPath = __DIR__.'/temp/redirect_fail.pdf';
+
+ Browsershot::url('http://www.spatie.be')
+ ->disableRedirects()
+ ->save($targetPath);
+
+ expect($targetPath)->not->toBeFile();
+})->throws(ProcessFailedException::class);
+
+it('no redirects - will still render direct 200 OKs', function () {
+ $targetPath = __DIR__.'/temp/redirect_success.pdf';
+
+ Browsershot::url('https://spatie.be/')
+ ->disableRedirects()
+ ->save($targetPath);
+
+ expect($targetPath)->toBeFile();
+});
+
 it('can take a high density screenshot', function () {
 $targetPath = __DIR__.'/temp/testScreenshot.png';
From 7c9ea7d7bbdde99fa73650392e30d00b379100f9 Mon Sep 17 00:00:00 2001
From: Jared Page
Date: Thu, 5 Sep 2024 12:02:08 +1000
Subject: [PATCH 3/4] Added documentation
---
 docs/miscellaneous-options/disabling-redirects.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 docs/miscellaneous-options/disabling-redirects.md
diff --git a/docs/miscellaneous-options/disabling-redirects.md b/docs/miscellaneous-options/disabling-redirects.md
new file mode 100644
index 00000000..d80d3137
--- /dev/null
+++ b/docs/miscellaneous-options/disabling-redirects.md
@@ -0,0 +1,12 @@
+---
+title: Disabling redirects
+weight: 26
+---
+
+To avoid redirects to domains that are not allowed in your environment, or for security reasons you can disable HTTP redirects.
+
+```php
+Browsershot::url('http://www.spatie.be')
+ ->disableRedirects()
+ ...
+```
From 8090cad026de13a3720e7ba82d04271a955fcc8d Mon Sep 17 00:00:00 2001
From: Alex Vanderbist
Date: Mon, 25 Nov 2024 16:26:19 +0100
Subject: [PATCH 4/4] Keep original CHANGELOG.md Changelog gets updated automatically on release
---
 CHANGELOG.md | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2ac2f2d..29440ab5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
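Review bot: In the test `'no redirects - will not follow redirects'` the line `expect($targetPath)->not->toBeFile();` can never run, because the test is declared with `->throws(ProcessFailedException::class)` and the exception is raised by `save()` in the statement before it. Either drop the assertion, or catch the exception inside the closure and assert afterwards, so the test actually proves that no PDF was written. Both new tests also depend on the live behaviour of spatie.be (that the `http://www.` address redirects and the `https://` one does not), so they fail when the site changes or the network is unavailable; a locally served fixture, if the suite has one, would remove that dependency.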
@@ -1,12 +1,3 @@
-## 4.3.1 - 2024-08-30
-
-### What's Changed
-
-* Add check for `file:/` URL fetching by @JaredPage in https://github.com/spatie/browsershot/pull/xyz
-* Added the ability to disable redirects via the `disableRedirects` method by @JaredPage in https://github.com/spatie/browsershot/pull/xyz
-
-**Full Changelog**: https://github.com/spatie/browsershot/compare/4.3.0...4.3.1
-
 ## 4.3.0 - 2024-08-22
 ### What's Changed