Revert "chore: [DX-3334] Add the Subresource Integrity attribute to C…
…heckout files" (#2330)
zaidarain1 authored Oct 18, 2024
1 parent aa44226 commit 8d4f6d5
Showing 10 changed files with 18 additions and 137 deletions.
12 changes: 0 additions & 12 deletions .github/workflows/pr.yaml
Expand Up @@ -44,18 +44,6 @@ jobs:
- name: Build, Lint, Test & Typecheck
run: yarn nx affected -t build,lint,test,typecheck

- name: Validate Checkout Widgets Hashes
run: |
cd packages/checkout/widgets-lib
mv hashes.json hashes.json.old
yarn updateHashes
if [ -n "$(git diff --exit-code hashes.json)" ]; then
echo "Hashes.json has changed. Please update the hashes.json file and commit the changes."
echo "You can use the following command in the root of the repo to update the hashes.json file:"
echo "yarn workspace @imtbl/checkout-widgets updateHashes"
exit 1
fi
build-lint-test-examples:
name: Build, Lint & Test Examples
runs-on: ubuntu-latest-8-cores
2 changes: 1 addition & 1 deletion packages/checkout/sdk/src/sdk.ts
Expand Up @@ -247,7 +247,7 @@ export class Checkout {
) {
const checkout = this;
try {
const cdnUrl = await getWidgetsEsmUrl(validVersion);
const cdnUrl = getWidgetsEsmUrl(validVersion);

// WebpackIgnore comment required to prevent webpack modifying the import statement and
// breaking the dynamic import in certain applications integrating checkout
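Review bot: The new `const cdnUrl = getWidgetsEsmUrl(validVersion);` hands a jsDelivr URL to the dynamic import mentioned in the comment below it with no check on the content that comes back; the hash comparison that used to throw `Security Error: widgets-esm.js hash mismatch` lived inside `getWidgetsEsmUrl` and is removed in load.ts. `loadUnresolvedBundle` in load.ts has the same gap, since it now sets `src` without the `integrity` and `crossorigin` attributes. If this revert is a stopgap, a comment above the call would record that, for example `// Widgets bundle is imported from the CDN unverified: integrity check reverted in #2330`. The enclosing method starts and ends outside the hunk.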
34 changes: 0 additions & 34 deletions packages/checkout/sdk/src/widgets/hashUtils.ts

This file was deleted.

36 changes: 8 additions & 28 deletions packages/checkout/sdk/src/widgets/load.test.ts
Expand Up @@ -2,55 +2,35 @@
import { SDK_VERSION_MARKER } from '../env';
import { getWidgetsEsmUrl, loadUnresolvedBundle } from './load';

const SDK_VERSION = SDK_VERSION_MARKER;

jest.mock('./hashUtils', () => ({
generateSHA512Hash: jest.fn(async () => 'sha512-abc123'),
// eslint-disable-next-line max-len
validatedHashesUrl: jest.fn(async () => `https://raw.githubusercontent.com/immutable/ts-immutable-sdk/refs/tags/${SDK_VERSION}/packages/checkout/widgets-lib/hashes.json`),
}));

describe('load', () => {
const SDK_VERSION = SDK_VERSION_MARKER;
const scriptId = 'immutable-checkout-widgets-bundle';

beforeEach(() => {
jest.spyOn(console, 'warn').mockImplementation(() => { });
});

describe('load unresolved bundle', () => {
it('should validate the versioning', async () => {
it('should validate the versioning', () => {
const tag = document.createElement('script');
await loadUnresolvedBundle(tag, scriptId, SDK_VERSION);

loadUnresolvedBundle(tag, scriptId, SDK_VERSION);
expect(document.head.innerHTML).toBe(
'<script '
+ 'integrity="sha512-abc123" '
+ 'crossorigin="anonymous" '
+ 'id="immutable-checkout-widgets-bundle" '
'<script id="immutable-checkout-widgets-bundle" '
+ 'data-version="__SDK_VERSION__" '
+ `src="https://cdn.jsdelivr.net/npm/@imtbl/sdk@${SDK_VERSION}/dist/browser/checkout/widgets.js"></script>`,
);
});
});

describe('get widgets esm url', () => {
beforeEach(() => {
// @ts-expect-error mocking only json value of fetch response
global.fetch = jest.fn(async () => ({
json: async () => ({ 'dist/index.js': 'sha512-abc123' }),
}));
});

it('should validate the versioning', async () => {
const widgetsEsmUrl = await getWidgetsEsmUrl(SDK_VERSION);
expect(widgetsEsmUrl).toEqual(
it('should validate the versioning', () => {
expect(getWidgetsEsmUrl(SDK_VERSION)).toEqual(
`https://cdn.jsdelivr.net/npm/@imtbl/sdk@${SDK_VERSION}/dist/browser/checkout/widgets-esm.js`,
);
});

it('should change version', async () => {
const widgetsEsmUrl = await getWidgetsEsmUrl('1.2.3');
expect(widgetsEsmUrl).toEqual(
it('should change version', () => {
expect(getWidgetsEsmUrl('1.2.3')).toEqual(
'https://cdn.jsdelivr.net/npm/@imtbl/[email protected]/dist/browser/checkout/widgets-esm.js',
);
});
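Review bot: Neither `describe` block in this hunk exercises the `useLocalBundle()` branch, which is now the only conditional left in `loadUnresolvedBundle` and `getWidgetsEsmUrl`. A case that mocks `useLocalBundle` from `../env` to return `true` and expects the `/lib/js/index.js` URL on `window.location.host` would pin that path. The test titles also still read `should validate the versioning` although the assertions only compare the generated tag or URL; a title such as `builds the CDN URL for the SDK version` would describe them. The file continues past the hunk, so such a case may already exist further down.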
34 changes: 5 additions & 29 deletions packages/checkout/sdk/src/widgets/load.ts
@@ -1,8 +1,7 @@
import { useLocalBundle } from '../env';
import { generateSHA512Hash, validatedHashesUrl } from './hashUtils';

// Loads the checkout widgets bundle from the CDN and appends the script to the document head
export async function loadUnresolvedBundle(
export function loadUnresolvedBundle(
tag: HTMLScriptElement,
scriptId: string,
validVersion: string,
Expand All @@ -18,12 +17,6 @@ export async function loadUnresolvedBundle(
let cdnUrl = `https://cdn.jsdelivr.net/npm/@imtbl/sdk@${validVersion}/dist/browser/checkout/widgets.js`;
if (useLocalBundle()) cdnUrl = `http://${window.location.host}/lib/js/widgets.js`;

if (!useLocalBundle()) {
const integrityHash = await generateSHA512Hash(cdnUrl);
tag.setAttribute('integrity', integrityHash);
tag.setAttribute('crossorigin', 'anonymous');
}

tag.setAttribute('id', scriptId);
tag.setAttribute('data-version', validVersion);
tag.setAttribute('src', cdnUrl);
Expand All @@ -32,27 +25,10 @@ export async function loadUnresolvedBundle(
}

// Gets the CDN url for the split checkout widgets bundle
export async function getWidgetsEsmUrl(
export function getWidgetsEsmUrl(
validVersion: string,
): Promise<Promise<string>> {
if (useLocalBundle()) return `http://${window.location.host}/lib/js/index.js`;

const cdnUrl = `https://cdn.jsdelivr.net/npm/@imtbl/sdk@${validVersion}/dist/browser/checkout/widgets-esm.js`;

const validHashesUrl = await validatedHashesUrl(validVersion);

const hash = await generateSHA512Hash(cdnUrl);

const widgetsEsmHash: string = await fetch(validHashesUrl)
.then((response) => response.json())
.then((hashes) => hashes['dist/index.js'])
.catch(() => {
throw new Error('Security Error: could not fetch widgets-esm.js hash');
});

if (hash !== widgetsEsmHash) {
throw new Error('Security Error: widgets-esm.js hash mismatch');
}

): string {
let cdnUrl = `https://cdn.jsdelivr.net/npm/@imtbl/sdk@${validVersion}/dist/browser/checkout/widgets-esm.js`;
if (useLocalBundle()) cdnUrl = `http://${window.location.host}/lib/js/index.js`;
return cdnUrl;
}
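Review bot: The added local-bundle line in `getWidgetsEsmUrl` hard-codes the `http` scheme, as does the unchanged local-bundle line in `loadUnresolvedBundle`. When the host page is served over HTTPS the browser treats that script as mixed content and blocks it, so using `window.location.origin` in place of `http://${window.location.host}` would follow the page's scheme. Building the URL with a single `const cdnUrl = useLocalBundle() ? … : …;` would also remove the `let` and the reassignment. `loadUnresolvedBundle` is only partly visible between the hunks.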
2 changes: 1 addition & 1 deletion packages/checkout/widgets-lib/.eslintrc.cjs
@@ -1,6 +1,6 @@
module.exports = {
"extends": ["../../../.eslintrc"],
"ignorePatterns": ["jest.config.*", "rollup.config.*", "*.js"],
"ignorePatterns": ["jest.config.*", "rollup.config.*"],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"project": "./tsconfig.json",
4 changes: 0 additions & 4 deletions packages/checkout/widgets-lib/hashes.json

This file was deleted.

5 changes: 2 additions & 3 deletions packages/checkout/widgets-lib/package.json
Expand Up @@ -104,16 +104,15 @@
"build": "yarn clean && NODE_ENV=production rollup --config rollup.config.js",
"build:analyse": "yarn build --plugin visualizer",
"build:local": "yarn clean && yarn build && mkdir -p ../widgets-sample-app/public/lib/js && cp dist/*.js ../widgets-sample-app/public/lib/js/",
"prepare:examplewidgets": "yarn workspace @examples/sdk-load-widgets-with-nextjs exec mkdir -p tests/utils/local-widgets-js/ && cp $(yarn workspace @imtbl/sdk exec pwd)/dist/browser/checkout/*.js $(yarn workspace @examples/sdk-load-widgets-with-nextjs exec pwd)/tests/utils/local-widgets-js/",
"clean": "rimraf ./dist",
"d": "rollup --config rollup.config.js",
"lint": "eslint ./src --ext .ts,.jsx,.tsx --max-warnings=0",
"lint:fix": "eslint ./src --ext .ts,.jsx,.tsx --max-warnings=0 --fix",
"prepare:examplewidgets": "yarn workspace @examples/sdk-load-widgets-with-nextjs exec mkdir -p tests/utils/local-widgets-js/ && cp $(yarn workspace @imtbl/sdk exec pwd)/dist/browser/checkout/*.js $(yarn workspace @examples/sdk-load-widgets-with-nextjs exec pwd)/tests/utils/local-widgets-js/",
"start": "yarn clean && NODE_ENV=development rollup --config rollup.config.js --watch",
"test": "jest test --passWithNoTests",
"test:watch": "jest test --passWithNoTests --watch",
"typecheck": "tsc --customConditions \"default\" --noEmit",
"updateHashes": "yarn run --top-level nx run @imtbl/checkout-widgets:build && node ./updateHashes.js"
"typecheck": "tsc --customConditions \"default\" --noEmit"
},
"type": "module",
"types": "./dist/index.d.ts"
24 changes: 0 additions & 24 deletions packages/checkout/widgets-lib/updateHashes.js

This file was deleted.

2 changes: 1 addition & 1 deletion sdk/package.json
Expand Up @@ -178,4 +178,4 @@
},
"type": "module",
"types": "./dist/index.d.ts"
}
}
