Skip to content

Commit

Permalink
Merge pull request #8035 from brave/crowd_deny_proxy
Browse files Browse the repository at this point in the history 
Fix 8034: Add Crowd Deny requests to audit whitelist
  • Loading branch information
@jumde
jumde authored Feb 6, 2020
2 parents e3d80c5 + 4ed0db8 commit a64bfee
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
4 changes: 2 additions & 2 deletions lib/whitelistedUrlPatterns.js
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
// Before adding to this list, get approval from the security team
module.exports = [
'http://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/chrome_component/.+', // allowed because it 307's to crlsets.brave.com
'https://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/chrome_component/.+', // allowed because it 307's to crlsets.brave.com
'http://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/.+', // allowed because it 307's to redirector.brave.com
'https://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/.+', // allowed because it 307's to redirector.brave.com
'http://www.google.com/dl/release2/chrome_component/.+crl-set.+', // allowed because it 307's to crlsets.brave.com
'https://www.google.com/dl/release2/chrome_component/.+crl-set.+', // allowed because it 307's to crlsets.brave.com
'http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/.+crxd', // allowed because it 307's to crlsets.brave.com,
Expand Down
5 changes: 3 additions & 2 deletions lib/whitelistedUrlPrefixes.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ module.exports = [
'https://update.googleapis.com/service/update2', // allowed because it 307's to go-updater.brave.com. should never actually connect to googleapis.com.
'https://safebrowsing.googleapis.com/v4/threatListUpdates', // allowed because it 307's to safebrowsing.brave.com
'https://clients2.googleusercontent.com/crx/blobs/',
'http://dl.google.com/release2/chrome_component/', // allowed because it 307's to crlset1.brave.com
'https://dl.google.com/release2/chrome_component/', // allowed because it 307's to crlset1.brave.com
'http://dl.google.com/', // allowed because it 307's to redirector.brave.com
'https://dl.google.com/', // allowed because it 307's to redirector.brave.com
'https://no-thanks.invalid/', // fake gaia URL
'https://go-updater.brave.com/',
'https://safebrowsing.brave.com/',
Expand All @@ -30,4 +30,5 @@ module.exports = [
'https://dns.google/dns-query', // needed for DoH on Mac build machines
'https://chrome.cloudflare-dns.com/dns-query', // needed for DoH on Mac build machines
'https://tor.bravesoftware.com/', // for fetching tor client updater component
'https://redirector.brave.com/',
]

0 comments on commit a64bfee

Please sign in to comment.