feat: add allowed origin to websockets (#236)

* added allowed_origins to AttachAppInterfaceRequest and forwarding websocket connection options * selectively expose only origin * removed unused import * new type for WsClientOptions * better naming * fix naming, build docs * proper WsClientOptions type * test: add allowed origins to tests * build: update to corresponding version of holochain * build: update cargo, npm & nix flake * test: fix all allowed origins * test: fix app agent origins * test: fix websocket reconnection * ci: separate restore and save cache actions * test: reenable all tests * docs: update changelog * chore: bump version * refactor: remove default timeout from tests --------- Co-authored-by: Matthias <[email protected]>
holochain · Apr 5, 2024 · e305d33 · e305d33
1 parent d2b584d
commit e305d33
Show file tree

Hide file tree

Showing 25 changed files with 767 additions and 406 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -33,9 +33,8 @@ jobs:
         with:
           name: holochain-ci
 
-      - name: Cache test zome build
-        uses: actions/cache@v4
-        if: always()
+      - name: Restore test zome build
+        uses: actions/cache/restore@v4
         env:
           cache-name: test-zome
         with:
@@ -51,6 +50,17 @@ jobs:
       - name: Build test fixture
         run: nix develop -c $SHELL -c "./build-fixture.sh"
 
+      - name: Save test zome build
+        uses: actions/cache/save@v4
+        env:
+          cache-name: test-zome
+        with:
+          path: |
+            .cargo
+            test/e2e/fixture/zomes/foo/target
+            test/e2e/fixture2/coordinator2/target
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Cargo.lock') }}
+
       - name: Install JS packages
         run: nix develop -c $SHELL -c "npm ci"
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Added
 ### Changed
+- Websocket client: Specify `origin` parameter when establishing app websocket connections to protect localhost from cross origin attacks in browser scripts.
+- Websocket client: Add `allowed_origins` parameter to `AdminWebsocket.attachAppInterface` to specify allowed origins.
+- Consistently throw `HolochainError`s throughout with specific error names and messages.
 ### Fixed
 ### Removed