MM-41042: Allow trusted plugin routes (#1956)

* Allow trusted plugin routes The only allowed plugin route is, for now, the export endpoint for the channel export plugin. * Keep it simple
2022-01-20 21:19:48 +01:00
parent e446b13b34
commit c43dfe6002
3 changed files with 16 additions and 0 deletions
--- a/src/common/utils/url.ts
+++ b/src/common/utils/url.ts
@@ -204,6 +204,10 @@ function isCustomLoginURL(url: URL | string, server: ServerFromURL, teams: TeamW
    return false;
 }

+function isChannelExportUrl(serverUrl: URL | string, inputUrl: URL | string): boolean {
+    return isUrlType('plugins/com.mattermost.plugin-channel-export/api/v1/export', serverUrl, inputUrl);
+}
+
 export default {
    isValidURL,
    isValidURI,
@@ -218,4 +222,5 @@ export default {
    getHost,
    isTrustedURL,
    isCustomLoginURL,
+    isChannelExportUrl,
 };