diff --git a/README.md b/README.md index 49d73bb1c..3f816ab76 100644 --- a/README.md +++ b/README.md @@ -92,13 +92,13 @@ server.start(); ## Using Node/npm Dependencies -### Whitelisting Packages +### Allowlisting Packages When your app is running in FastBoot, it may need to use Node packages to replace features that are available only in the browser. For security reasons, your Ember app running in FastBoot can only access -packages that you have explicitly whitelisted. +packages that you have explicitly listed as allowed. To allow your app to require a package, add it to the `fastbootDependencies` array in your app's `package.json`: @@ -132,14 +132,14 @@ hash.** Built-in modules (`path`, `fs`, etc.) only need to be added to From your Ember.js app, you can run `FastBoot.require()` to require a package. This is identical to the CommonJS `require` except it checks -all requests against the whitelist first. +all requests against the allowlist first. ```js let path = FastBoot.require('path'); let filePath = path.join('tmp', session.getID()); ``` -If you attempt to require a package that is not in the whitelist, +If you attempt to require a package that is not in the allowlist, FastBoot will raise an exception. Note that the `FastBoot` global is **only** available when running in @@ -273,14 +273,14 @@ module.exports = function(environment) { }, fastboot: { - hostWhitelist: ['example.com', 'subdomain.example.com', /^localhost:\d+$/] + hostAllowlist: ['example.com', 'subdomain.example.com', /^localhost:\d+$/] } }; // ... }; ``` -The `hostWhitelist` can be a string or RegExp to match multiple hosts. +The `hostAllowlist` can be a string or RegExp to match multiple hosts. Care should be taken when using a RegExp, as the host function relies on the `Host` HTTP header, which can be forged. You could potentially allow a malicious request if your RegExp is too permissive when using the `host` @@ -288,8 +288,8 @@ when making subsequent requests. Retrieving `host` will error on 2 conditions: - 1. you do not have a `hostWhitelist` defined - 2. the `Host` header does not match an entry in your `hostWhitelist` + 1. you do not have a `hostAllowlist` defined + 2. the `Host` header does not match an entry in your `hostAllowlist` ### Query Parameters diff --git a/packages/ember-cli-fastboot/fastboot/initializers/ajax.js b/packages/ember-cli-fastboot/fastboot/initializers/ajax.js index eeef2b9ee..eea999fe3 100644 --- a/packages/ember-cli-fastboot/fastboot/initializers/ajax.js +++ b/packages/ember-cli-fastboot/fastboot/initializers/ajax.js @@ -14,7 +14,7 @@ var nodeAjax = function(options) { try { options.url = protocol + '//' + get(this, 'fastboot.request.host') + options.url; } catch (fbError) { - throw new Error('You are using Ember Data with no host defined in your adapter. This will attempt to use the host of the FastBoot request, which is not configured for the current host of this request. Please set the hostWhitelist property for in your environment.js. FastBoot Error: ' + fbError.message); + throw new Error('You are using Ember Data with no host defined in your adapter. This will attempt to use the host of the FastBoot request, which is not configured for the current host of this request. Please set the hostAllowlist property for in your environment.js. FastBoot Error: ' + fbError.message); } } diff --git a/packages/ember-cli-fastboot/index.js b/packages/ember-cli-fastboot/index.js index 433f58069..5bf4e95a1 100644 --- a/packages/ember-cli-fastboot/index.js +++ b/packages/ember-cli-fastboot/index.js @@ -239,7 +239,7 @@ module.exports = { /** * Need to handroll our own clone algorithm since JSON.stringy changes regex - * to empty objects which breaks hostWhiteList property of fastboot. + * to empty objects which breaks hostAllowList property of fastboot. * * @param {Object} config */ diff --git a/packages/ember-cli-fastboot/lib/broccoli/fastboot-config.js b/packages/ember-cli-fastboot/lib/broccoli/fastboot-config.js index 0f7e5b659..a30659d0d 100644 --- a/packages/ember-cli-fastboot/lib/broccoli/fastboot-config.js +++ b/packages/ember-cli-fastboot/lib/broccoli/fastboot-config.js @@ -50,7 +50,7 @@ module.exports = class FastBootConfig extends Plugin { this.buildConfig(); this.buildDependencies(); this.buildManifest(); - this.buildHostWhitelist(); + this.buildHostAllowlist(); let outputPath = path.join(this.outputPath, 'package.json'); this.writeFileIfContentChanged(outputPath, this.toJSONString()); @@ -85,7 +85,7 @@ module.exports = class FastBootConfig extends Plugin { buildDependencies() { let dependencies = {}; - let moduleWhitelist = []; + let moduleAllowlist = []; let ui = this.ui; eachAddonPackage(this.project, pkg => { @@ -101,7 +101,7 @@ module.exports = class FastBootConfig extends Plugin { return; } - moduleWhitelist.push(dep); + moduleAllowlist.push(dep); if (version) { dependencies[dep] = version; @@ -115,7 +115,7 @@ module.exports = class FastBootConfig extends Plugin { if (projectDeps) { projectDeps.forEach(dep => { - moduleWhitelist.push(dep); + moduleAllowlist.push(dep); let version = pkg.dependencies && pkg.dependencies[dep]; if (version) { @@ -125,7 +125,7 @@ module.exports = class FastBootConfig extends Plugin { } this.dependencies = dependencies; - this.moduleWhitelist = uniq(moduleWhitelist); + this.moduleAllowlist = uniq(moduleAllowlist); } updateFastBootManifest(manifest) { @@ -160,9 +160,9 @@ module.exports = class FastBootConfig extends Plugin { this.manifest = this.updateFastBootManifest(manifest); } - buildHostWhitelist() { + buildHostAllowlist() { if (this.fastbootAppConfig) { - this.hostWhitelist = this.fastbootAppConfig.hostWhitelist; + this.hostAllowlist = this.fastbootAppConfig.hostAllowlist; } } @@ -170,22 +170,22 @@ module.exports = class FastBootConfig extends Plugin { return stringify({ dependencies: this.dependencies, fastboot: { - moduleWhitelist: this.moduleWhitelist, + moduleAllowlist: this.moduleAllowlist, schemaVersion: LATEST_SCHEMA_VERSION, manifest: this.manifest, - hostWhitelist: this.normalizeHostWhitelist(), + hostAllowlist: this.normalizeHostAllowlist(), config: this.fastbootConfig, appName: this.appName, } }, null, 2); } - normalizeHostWhitelist() { - if (!this.hostWhitelist) { + normalizeHostAllowlist() { + if (!this.hostAllowlist) { return; } - return this.hostWhitelist.map(function(entry) { + return this.hostAllowlist.map(function(entry) { // Is a regex if (entry.source) { return '/' + entry.source + '/'; diff --git a/packages/ember-cli-fastboot/test/fixtures/fastboot-config/config/environment.js b/packages/ember-cli-fastboot/test/fixtures/fastboot-config/config/environment.js index 0f4973eed..d0265ffe3 100644 --- a/packages/ember-cli-fastboot/test/fixtures/fastboot-config/config/environment.js +++ b/packages/ember-cli-fastboot/test/fixtures/fastboot-config/config/environment.js @@ -19,7 +19,7 @@ module.exports = function(environment) { }, fastboot: { - hostWhitelist: ['example.com', 'subdomain.example.com', /localhost:\d+/] + hostAllowlist: ['example.com', 'subdomain.example.com', /localhost:\d+/] } }; diff --git a/packages/ember-cli-fastboot/test/fixtures/fastboot-location-config/config/environment.js b/packages/ember-cli-fastboot/test/fixtures/fastboot-location-config/config/environment.js index d77083df7..dbbd49429 100644 --- a/packages/ember-cli-fastboot/test/fixtures/fastboot-location-config/config/environment.js +++ b/packages/ember-cli-fastboot/test/fixtures/fastboot-location-config/config/environment.js @@ -8,7 +8,7 @@ module.exports = function(environment) { modulePrefix: 'fastboot-location-config', fastboot: { fastbootHeaders: false, - hostWhitelist: [/localhost:\d+/], + hostAllowlist: [/localhost:\d+/], redirectCode: 302, } }; diff --git a/packages/ember-cli-fastboot/test/fixtures/fastboot-location/config/environment.js b/packages/ember-cli-fastboot/test/fixtures/fastboot-location/config/environment.js index cf7bc0667..060b03dff 100644 --- a/packages/ember-cli-fastboot/test/fixtures/fastboot-location/config/environment.js +++ b/packages/ember-cli-fastboot/test/fixtures/fastboot-location/config/environment.js @@ -8,7 +8,7 @@ module.exports = function(environment) { modulePrefix: 'fastboot-location', fastboot: { fastbootHeaders: true, - hostWhitelist: [/localhost:\d+/] + hostAllowlist: [/localhost:\d+/] } }; diff --git a/packages/ember-cli-fastboot/test/fixtures/request/config/environment.js b/packages/ember-cli-fastboot/test/fixtures/request/config/environment.js index 0dd5a0b1b..650584bae 100644 --- a/packages/ember-cli-fastboot/test/fixtures/request/config/environment.js +++ b/packages/ember-cli-fastboot/test/fixtures/request/config/environment.js @@ -19,7 +19,7 @@ module.exports = function(environment) { }, fastboot: { - hostWhitelist: ['example.com', 'subdomain.example.com', /localhost:\d+/] + hostAllowlist: ['example.com', 'subdomain.example.com', /localhost:\d+/] } }; diff --git a/packages/ember-cli-fastboot/test/new-package-json-test.js b/packages/ember-cli-fastboot/test/new-package-json-test.js index 797b5089e..129f0bcaa 100644 --- a/packages/ember-cli-fastboot/test/new-package-json-test.js +++ b/packages/ember-cli-fastboot/test/new-package-json-test.js @@ -53,7 +53,7 @@ describe('FastbootConfig', function() { expect( output.read() ).to.deep.equal({ - 'package.json': `{"dependencies":{},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleWhitelist":[],"schemaVersion":3}}` + 'package.json': `{"dependencies":{},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":[],"schemaVersion":3}}` }); yield output.build(); @@ -84,7 +84,7 @@ describe('FastbootConfig', function() { expect( output.read() ).to.deep.equal({ - 'package.json': `{"dependencies":{"apple":"*","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleWhitelist":["apple","orange"],"schemaVersion":3}}` + 'package.json': `{"dependencies":{"apple":"*","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":["apple","orange"],"schemaVersion":3}}` }); project.pkg.fastbootDependencies = [ @@ -107,7 +107,7 @@ describe('FastbootConfig', function() { expect( output.read() ).to.deep.equal({ - 'package.json': `{"dependencies":{"apple":"^3.0.0","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleWhitelist":["apple","orange"],"schemaVersion":3}}` + 'package.json': `{"dependencies":{"apple":"^3.0.0","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":["apple","orange"],"schemaVersion":3}}` }); })); }); diff --git a/test-packages/basic-app/config/environment.js b/test-packages/basic-app/config/environment.js index bdccf58eb..6dba7e028 100644 --- a/test-packages/basic-app/config/environment.js +++ b/test-packages/basic-app/config/environment.js @@ -23,7 +23,7 @@ module.exports = function(environment) { }, fastboot: { - hostWhitelist: [ + hostAllowlist: [ 'example.com', 'subdomain.example.com', '/localhost:\\d+/', diff --git a/test-packages/basic-app/test/package-json-test.js b/test-packages/basic-app/test/package-json-test.js index 342ba2446..0b2075518 100644 --- a/test-packages/basic-app/test/package-json-test.js +++ b/test-packages/basic-app/test/package-json-test.js @@ -39,10 +39,10 @@ describe("generating package.json", function () { expect(pkg.fastboot.schemaVersion).to.deep.equal(3); }); - it("contains a whitelist of allowed module names", function () { + it("contains a list of allowed module names", function () { let pkg = fs.readJSONSync("dist/package.json"); - expect(pkg.fastboot.moduleWhitelist).to.deep.equal([ + expect(pkg.fastboot.moduleAllowlist).to.deep.equal([ "node-fetch", "abortcontroller-polyfill", "abortcontroller-polyfill/dist/cjs-ponyfill", @@ -73,10 +73,10 @@ describe("generating package.json", function () { }); }); - it("contains a list of whitelisted hosts from environment.js", function () { + it("contains a list of allowed hosts from environment.js", function () { let pkg = fs.readJSONSync("dist/package.json"); - expect(pkg.fastboot.hostWhitelist).to.deep.equal([ + expect(pkg.fastboot.hostAllowlist).to.deep.equal([ "example.com", "subdomain.example.com", "/localhost:\\d+/", @@ -117,7 +117,7 @@ describe("generating package.json", function () { autoboot: false, }, fastboot: { - hostWhitelist: [ + hostAllowlist: [ "example.com", "subdomain.example.com", "/localhost:\\d+/",