Stored push subscriptions carry a client-supplied `endpoint`, and the
notifications job POSTed to it with no host check, so a subscription
with an internal/metadata URL turned the Trigger.dev worker into a blind
SSRF primitive. Add isAllowedPushEndpoint (https + known vendor hosts:
FCM, Mozilla, Apple, WNS), skip non-conforming endpoints in the job, and
reject them at subscribe time. Browser-minted subscriptions always match
a vendor host, so real delivery is unchanged; a behaviour-gate test
asserts vendor endpoints pass and internal/non-https/look-alikes fail.
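The allowlist check that the commit above describes, written here as an added example rather than the project's own `isAllowedPushEndpoint`; the vendor hostnames (FCM, Mozilla, Apple, WNS) are assumptions drawn from common Web Push deployments, not values taken from the page.

```typescript
// Added example, not the project's code. Hostnames are assumptions: confirm
// them against each vendor's Web Push documentation before relying on them.
const EXACT_PUSH_HOSTS: ReadonlySet<string> = new Set([
  "fcm.googleapis.com",                // Firebase Cloud Messaging (assumed)
  "updates.push.services.mozilla.com", // Mozilla autopush (assumed)
  "web.push.apple.com",                // Apple Web Push (assumed)
]);
// WNS hands out per-tenant subdomains, so a dot-anchored suffix is needed.
const SUFFIX_PUSH_HOSTS: readonly string[] = [".notify.windows.com"];

export function isAllowedPushEndpoint(endpoint: string): boolean {
  let url: URL;
  try {
    url = new URL(endpoint);
  } catch {
    return false; // unparsable input is rejected, never fetched "best effort"
  }
  if (url.protocol !== "https:") return false; // no http://, file://, gopher://
  if (url.username !== "" || url.password !== "") return false; // no user@host tricks
  if (url.port !== "") return false; // vendor endpoints use the default 443 only
  const host = url.hostname.toLowerCase();
  if (EXACT_PUSH_HOSTS.has(host)) return true;
  // endsWith(".notify.windows.com") rejects "notify.windows.com.attacker.example"
  // and "evil-notify.windows.com"; the length check rejects the bare suffix.
  return SUFFIX_PUSH_HOSTS.some(
    (suffix) => host.endsWith(suffix) && host.length > suffix.length,
  );
}

// Job-side use: split stored subscriptions so the worker only POSTs to vendor
// endpoints and can log the skipped ones for investigation.
export function partitionSubscriptions<T extends { endpoint: string }>(
  subscriptions: readonly T[],
): { deliverable: T[]; skipped: T[] } {
  const deliverable: T[] = [];
  const skipped: T[] = [];
  for (const sub of subscriptions) {
    (isAllowedPushEndpoint(sub.endpoint) ? deliverable : skipped).push(sub);
  }
  return { deliverable, skipped };
}
```

The same predicate belongs at subscribe time so a hostile endpoint is never stored; the job-side filter covers rows written before the check existed.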
CLAUDE.md prohibits abbreviations like ctx in identifiers. Rename the
Cloudflare Worker ExecutionContext parameter to executionContext in the
proxy worker (handleMangaChapterCounts, fetch, scheduled), and alias
Trigger.dev's destructured { ctx } to taskContext in the notifications
scheduled task. The external property name on Trigger.dev's params
object is library-defined and remains ctx on the wire.
Verified: proxy worker still boots under local wrangler dev and all
routes (OPTIONS, POST /manga/chapter-counts, forwardProxyRequest) still
respond identically.