Allowing outgoing traffic
Due to security reasons, the default implementation of the SDK validates all outgoing traffic to avoid i.e. tampered data result in requests to unknown endpoints or using unwanted protocols.
See CWE-918 for more details.
Default allowed endpoints
PartiumConfig.partiumApiBaseUrl: as provided toPartium.init, referring to the API endpoint (defaults tohttps://api.partium.io)PartiumConfig.partiumLoginUrl: as provided toPartium.init, referring to the Authentication endpoint (defaults tohttps://login.partium.io)cloudfront.net: Amazon Cloudfront cache, for CD purposesamazonaws.com: Amazon AWS services, for query assets uploads/downloadswindows.net: Azure Files service, for query assets uploads/downloads
If at any point the SDK code identifies a request to an unknown endpoint, it will raise
Error('Trying to transfer files to/from unknown endpoint ${url}') for downloads/uploads or
Error('The given URL is not a known service "${url}".') for other types of requests.
Modifying the allowed endpoints list
If by any reason you need to allow access to an alternative source (i.e. custom file storage service), it can be done by using custom services.
// Extend any of the FileTransferService implementations (FetchAPIFileTransferService, AxiosFileTransferService, ...)
class MyCustomFileTransferService extends FetchAPIFileTransferService {
constructor( serviceProvider: ServiceProvider, knownBaseUrls: string[] ) {
super(serviceProvider, [...knwonBaseUrls, 'https://my.cool.domain']);
}
}
// Extend any of the HttpsClientService implementations (FetchAPIHttpsClientService, AxiosHttpsClientService, ...)
class MyCustomHttpsClientService extends FetchAPIHttpsClientService {
constructor( serviceProvider: ServiceProvider, knownBaseUrls: string[] ) {
super(serviceProvider, [...knwonBaseUrls, 'https://my.cool.domain/supersecret']);
}
}
document.addEventListener('load', function () {
Partium.init({
httpsClientService: MyCustomHttpsClientService,
fileTransferService: MyCustomFileTransferService,
});
});