diff --git a/packages/common/src/constants.ts b/packages/common/src/constants.ts
index 197278c6c..356482b95 100644
--- a/packages/common/src/constants.ts
+++ b/packages/common/src/constants.ts
@@ -29,12 +29,28 @@ const SYNCED_DOMAINS_DEVELOPMENT_BUILD = [
 ...DAPP_DEV_DOMAINS,
 ] as const;
 
+const KNOWN_AVACLOUD_DOMAINS = [
+ 'avacloud.io',
+ 'avacloud-app.pages.dev',
+ 'launchpad.avacloud.io',
+];
+
+const PLAYGROUD_APP = 'ava-labs.github.io';
+
 export const KNOWN_CORE_DOMAINS = [
 CORE_WEB_DOMAIN,
 ...CORE_WEB_STAGING_DOMAINS,
 ...DAPP_DEV_DOMAINS,
 ] as const;
 
+// Domains allowed to access the avalanche_* methods
+export const WHITELISTED_DOMAINS = [
+ ...KNOWN_CORE_DOMAINS,
+ ...KNOWN_AVACLOUD_DOMAINS,
+ ...DAPP_DEV_DOMAINS,
+ PLAYGROUD_APP,
+];
+
 export const SYNCED_DOMAINS = isProductionBuild()
 ? SYNCED_DOMAINS_PRODUCTION_BUILD
 : SYNCED_DOMAINS_DEVELOPMENT_BUILD;
diff --git a/packages/service-worker/src/connections/middlewares/PermissionMiddleware.ts b/packages/service-worker/src/connections/middlewares/PermissionMiddleware.ts
index 18ceeb401..c285064b4 100644
--- a/packages/service-worker/src/connections/middlewares/PermissionMiddleware.ts
+++ b/packages/service-worker/src/connections/middlewares/PermissionMiddleware.ts
@@ -2,7 +2,6 @@ import { AccountsService } from '../../services/accounts/AccountsService';
 import { LockService } from '../../services/lock/LockService';
 import { PermissionsService } from '../../services/permissions/PermissionsService';
 import {
- CORE_DOMAINS,
 ExtensionConnectionMessage,
 ExtensionConnectionMessageResponse,
 DAppProviderRequest,
@@ -11,6 +10,7 @@ import {
 } from '@core/types';
 import { Middleware } from './models';
 import { RpcMethod } from '@avalabs/vm-module-types';
+import { WHITELISTED_DOMAINS } from '@core/common';
 
 const RESTRICTED_METHODS = Object.freeze([] as string[]);
 
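Review bot: In the first hunk of packages/common/src/constants.ts, `WHITELISTED_DOMAINS` spreads `...DAPP_DEV_DOMAINS` directly although `KNOWN_CORE_DOMAINS` already contains it, and neither spread depends on `isProductionBuild()` the way `SYNCED_DOMAINS` just below does. `DAPP_DEV_DOMAINS` is defined outside the hunk; if it holds the loopback hosts that the removed `CORE_DOMAINS` list carried (`'localhost'`, `'127.0.0.1'`), production builds would keep granting the avalanche_* methods to any page served from the user's own machine. I would drop the second spread and decide explicitly whether development hosts belong in the production allowlist. The export is also a plain mutable `string[]` while its neighbours are `as const`; `export const WHITELISTED_DOMAINS: readonly string[] = [` keeps `.includes(domain)` type-checking and, at the type level, prevents other modules from adding entries. `PLAYGROUD_APP` looks like a typo for `PLAYGROUND_APP`.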
@@ -164,8 +164,8 @@ export function PermissionMiddleware(
 
 if (
 context.authenticated === true &&
- (CORE_DOMAINS.includes(domain) ||
- CORE_DOMAINS.includes(domainWithoutSubdomain.join('.')))
+ (WHITELISTED_DOMAINS.includes(domain) ||
+ WHITELISTED_DOMAINS.includes(domainWithoutSubdomain.join('.')))
 ) {
 next();
 } else {
diff --git a/packages/types/src/ui-connection.ts b/packages/types/src/ui-connection.ts
index a3550b82f..0c182cd34 100644
--- a/packages/types/src/ui-connection.ts
+++ b/packages/types/src/ui-connection.ts
@@ -334,20 +334,6 @@ export interface JSONRPCRequestWithDomain extends JsonRpcRequest {
 domain: string;
 }
 
-export const CORE_DOMAINS = [
- 'localhost',
- '127.0.0.1',
- 'core-web.pages.dev',
- 'core.app',
- 'staging.core.app',
- 'develop.core.app',
- 'ava-labs.github.io', // playground
- 'avacloud.io',
- 'avacloud-app.pages.dev',
- 'launch-4zn.pages.dev',
- 'launchpad.avacloud.io ',
-];
-
 export interface ConnectionController {
 connect(connection: Runtime.Port): void;
 disconnect(): void;
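Review bot: The second clause of the condition in PermissionMiddleware.ts, `WHITELISTED_DOMAINS.includes(domainWithoutSubdomain.join('.'))`, accepts any host whose parent is on the list, and the list it reads includes shared-hosting names such as `avacloud-app.pages.dev`. How `domainWithoutSubdomain` is derived lies outside the hunk, but if it simply drops the leftmost label, every preview deployment under that pages.dev project would be trusted for the avalanche_* methods. The exact-match clause appears to compare hostnames only, so `ava-labs.github.io` would likewise cover every project site published on that host. Consider exact-match only for hosted-platform entries and keep the parent-domain fallback for first-party apex domains, with a comment above the condition such as `// parent-domain match is intended only for first-party domains; hosted-platform entries must match exactly`. The body of `PermissionMiddleware` starts and ends outside this hunk.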