Minor: A trailing "/" prevents identification of trusted apps
Opened this issue · 3 comments
If the domain declared for a trusted app ends with a "/" character, the app running is returned "403: Unauthorized Origin" when performing operations it should be allowed to (e.g. resource creation).
Users typically won't declare a domain ending with a "/", but wen copy/pasting for instance, this may happen (that's how I discovered this). I'm not completely sure this is an issue, but it may be worth at least documenting, or removing the trailing "/" automatically.
A good point, and it shouldn't be difficult to normalize URLs.
There is the question on how NSS should handle this if it does have a trailing slash in the url or even if the url contains a full path like example.com/path/to/item
. I'd say it would make sense for a 403 error to be returned. As example.com/path/to/item
is not a valid origin, it should be skipped for evaluation. Therefore, the origin example.com
is still not registered as a trusted app and should be rejected.
Thank you for the input @jaxoncreed - I'll solve this by implementing some proper checks in the trusted app view ^_^