Skip to content

Commit d3c5855

Browse files
committed
Merge pull request #8035 from brave/crowd_deny_proxy
Fix 8034: Add Crowd Deny requests to audit whitelist
1 parent f325087 commit d3c5855

File tree

2 files changed

+5
-4
lines changed

2 files changed

+5
-4
lines changed

lib/whitelistedUrlPatterns.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
// Before adding to this list, get approval from the security team
22
module.exports = [
3-
'http://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/chrome_component/.+', // allowed because it 307's to crlsets.brave.com
4-
'https://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/chrome_component/.+', // allowed because it 307's to crlsets.brave.com
3+
'http://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/.+', // allowed because it 307's to redirector.brave.com
4+
'https://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/.+', // allowed because it 307's to redirector.brave.com
55
'http://www.google.com/dl/release2/chrome_component/.+crl-set.+', // allowed because it 307's to crlsets.brave.com
66
'https://www.google.com/dl/release2/chrome_component/.+crl-set.+', // allowed because it 307's to crlsets.brave.com
77
'http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/.+crxd', // allowed because it 307's to crlsets.brave.com,

lib/whitelistedUrlPrefixes.js

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ module.exports = [
44
'https://update.googleapis.com/service/update2', // allowed because it 307's to go-updater.brave.com. should never actually connect to googleapis.com.
55
'https://safebrowsing.googleapis.com/v4/threatListUpdates', // allowed because it 307's to safebrowsing.brave.com
66
'https://clients2.googleusercontent.com/crx/blobs/',
7-
'http://dl.google.com/release2/chrome_component/', // allowed because it 307's to crlset1.brave.com
8-
'https://dl.google.com/release2/chrome_component/', // allowed because it 307's to crlset1.brave.com
7+
'http://dl.google.com/', // allowed because it 307's to redirector.brave.com
8+
'https://dl.google.com/', // allowed because it 307's to redirector.brave.com
99
'https://no-thanks.invalid/', // fake gaia URL
1010
'https://go-updater.brave.com/',
1111
'https://safebrowsing.brave.com/',
@@ -30,4 +30,5 @@ module.exports = [
3030
'https://publishers-staging-distro.basicattentiontoken.org/',
3131
'https://p3a.brave.com/',
3232
'https://tor.bravesoftware.com/', // for fetching tor client updater component
33+
'https://redirector.brave.com/',
3334
]

0 commit comments

Comments
 (0)