rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: remove domain isolation scripts and related components for cleanup

Browse source
This commit is contained in:
WhiteX 2025-06-14 10:18:11 +03:00 committed by rzmk
parent 98b833c8ba
commit f46f4dd552
13 changed files with 73 additions and 837 deletions
Download patch file Download diff file Expand all files Collapse all files

94
apps/web/public/api-response-sanitizer.js
View file

@ -1,94 +0,0 @@
/**
* API Response Sanitizer
*
* This script specifically handles API responses to ensure they don't contain
* URLs pointing to the wrong domain.
*/
(function() {
console.log('[Domain Isolation] Installing API response sanitizer...');
// Save reference to the original fetch
const originalFetch = window.fetch;
/**
* Recursively sanitize objects to replace URLs from wrong domains
*/
function sanitizeObject(obj, currentDomain) {
if (!obj || typeof obj !== 'object') return obj;
// Handle arrays
if (Array.isArray(obj)) {
return obj.map(item => sanitizeObject(item, currentDomain));
}
// Handle objects
const result = {};
for (const [key, value] of Object.entries(obj)) {
// Check if this is a URL string value
if (typeof value === 'string' &&
(value.startsWith('http://') || value.startsWith('https://'))) {
try {
const url = new URL(value);
if (url.hostname !== currentDomain &&
!url.hostname.includes('api-gateway.umami.dev')) {
console.log(`[Sanitizer] Found cross-domain URL: ${value}`);
const newValue = value.replace(url.hostname, currentDomain);
result[key] = newValue;
continue;
}
} catch (e) {
// Not a valid URL, keep original value
}
}
// Process nested objects/arrays
if (value && typeof value === 'object') {
result[key] = sanitizeObject(value, currentDomain);
} else {
result[key] = value;
}
}
return result;
}
// Override fetch to sanitize responses
window.fetch = async function(...args) {
const currentDomain = window.location.hostname;
// Call original fetch
const response = await originalFetch.apply(this, args);
// Clone the response so we can read it multiple times
const clonedResponse = response.clone();
// Only process JSON responses from API endpoints
const contentType = response.headers.get('content-type');
if (contentType && contentType.includes('application/json') &&
(args[0].includes('/api/') || args[0].includes('api/v1'))) {
try {
// Read and parse the response
const originalData = await clonedResponse.json();
// Sanitize the data
const sanitizedData = sanitizeObject(originalData, currentDomain);
// Create a new response with sanitized data
return new Response(JSON.stringify(sanitizedData), {
status: response.status,
statusText: response.statusText,
headers: response.headers
});
} catch (e) {
console.error('[Domain Isolation] Error sanitizing response:', e);
return response; // Return original response on error
}
}
return response;
};
console.log('[Domain Isolation] API response sanitizer installed');
})();

82
apps/web/public/domain-isolation-loader.js
View file

@ -1,82 +0,0 @@
// Domain Isolation Loader
// This script loads before any other scripts to ensure all requests stay within the current domain
(function() {
console.log('[Domain Isolation] Initializing early domain isolation...');
// Override createElement to patch script elements before they load
const originalCreateElement = document.createElement.bind(document);
document.createElement = function(tagName) {
const element = originalCreateElement(tagName);
if (tagName.toLowerCase() === 'script') {
const originalSetAttribute = element.setAttribute.bind(element);
element.setAttribute = function(name, value) {
if (name === 'src' && typeof value === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(value, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Pre-load intercepted cross-domain script:', value);
value = value.replace(/https?:\/\/[^\/]+/, window.location.origin);
console.log('[Domain Isolation] Changed to:', value);
}
} catch (e) {
console.error('[Domain Isolation] Error processing script URL:', e);
}
}
return originalSetAttribute(name, value);
};
}
return element;
};
// Store original URL manipulation methods
window.__domainIsolationOriginals = {
fetch: window.fetch,
open: XMLHttpRequest.prototype.open
};
// Simple early fetch override
window.fetch = function(url, options) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting fetch:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.fetch.apply(this, arguments);
};
// Simple early XHR override
XMLHttpRequest.prototype.open = function(method, url, ...args) {
if (typeof url === 'string') {
try {
const currentDomain = window.location.hostname;
const urlObj = new URL(url, window.location.origin);
const targetDomain = urlObj.hostname;
if (targetDomain !== currentDomain) {
console.warn('[Domain Isolation] Early loader redirecting XHR:', url);
url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
}
} catch (e) {
console.error('[Domain Isolation] Early loader error:', e);
}
}
return window.__domainIsolationOriginals.open.apply(this, [method, url, ...args]);
};
console.log('[Domain Isolation] Early domain isolation initialized');
})();