fix(driver): disallow POESESSID cookie

atty303 · May 24, 2024 · 1a8879e · 1a8879e
1 parent 44b0537
commit 1a8879e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/packages/driver/src/js/error.ts b/packages/driver/src/js/error.ts
@@ -0,0 +1,6 @@
+export class UserError extends Error {
+  constructor(message: string | undefined) {
+    super(message);
+    this.name = "UserError";
+  }
+}
diff --git a/packages/driver/src/js/sub.ts b/packages/driver/src/js/sub.ts
@@ -88,6 +88,9 @@ export class SubScriptWorker {
         this.onFinished(result);
       },
       fetch: async (url: string, header: string | undefined, body: string | undefined) => {
+        if (header?.includes("POESESSID")) {
+          return JSON.stringify({ error: "POESESSID is not allowed to be sent to the server" });
+        }
         try {
           log.debug(tag.subscript, "fetch request", { url, header, body });
           const headers: Record<string, string> = header
@@ -100,8 +103,10 @@ export class SubScriptWorker {
           if (!headers["Content-Type"]) {
             headers["Content-Type"] = "application/x-www-form-urlencoded";
           }
+
           const r = await this.onFetch(url, headers, body);
           log.debug(tag.subscript, "fetch", r.body, r.status, r.error);
+
           const headerText = Object.entries(r?.headers ?? {})
             .map(([k, v]) => `${k}: ${v}`)
             .join("\n");