Merge pull request #881 from JaredPage/main

Added file:/ to the list of excluded paths and string contains & added option to disable redirects
spatie · Nov 25, 2024 · 392c215 · 392c215
2 parents 9f52a5b + 8090cad
commit 392c215
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 4 deletions.
diff --git a/bin/browser.cjs b/bin/browser.cjs
@@ -191,6 +191,13 @@ const callChrome = async pup => {
                 }
             }
 
+            if (request.options && request.options.disableRedirects) {
+                if (interceptedRequest.isNavigationRequest() && interceptedRequest.redirectChain().length) {
+                    interceptedRequest.abort();
+                    return
+                }
+            }
+
             if (request.options && request.options.extraNavigationHTTPHeaders) {
                 // Do nothing in case of non-navigation requests.
                 if (interceptedRequest.isNavigationRequest()) {

diff --git a/docs/miscellaneous-options/disabling-redirects.md b/docs/miscellaneous-options/disabling-redirects.md
@@ -0,0 +1,12 @@
+---
+title: Disabling redirects
+weight: 26
+---
+
+To avoid redirects to domains that are not allowed in your environment, or for security reasons you can disable HTTP redirects.
+
+```php
+Browsershot::url('http://www.spatie.be')
+   ->disableRedirects()
+   ...
+```
diff --git a/src/Browsershot.php b/src/Browsershot.php
@@ -257,7 +257,7 @@ public function waitForSelector(string $selector, array $options = []): static
 
     public function setUrl(string $url): static
     {
-        if (str_starts_with(strtolower($url), 'file://')) {
+        if (str_starts_with(strtolower($url), 'file://') || str_starts_with(strtolower($url), 'file:/')) {
             throw FileUrlNotAllowed::make();
         }
 
@@ -289,7 +289,7 @@ public function setProxyServer(string $proxyServer): static
 
     public function setHtml(string $html): static
     {
-        if (str_contains(strtolower($html), 'file://')) {
+        if (str_contains(strtolower($html), 'file://') || str_contains(strtolower($html), 'file:/')) {
             throw HtmlIsNotAllowedToContainFile::make();
         }
 
@@ -472,6 +472,11 @@ public function blockDomains($array): static
         return $this->setOption('blockDomains', $array);
     }
 
+    public function disableRedirects(): static
+    {
+        return $this->setOption('disableRedirects', true);
+    }
+
     public function pages(string $pages): static
     {
         return $this->setOption('pageRanges', $pages);

diff --git a/src/Exceptions/FileUrlNotAllowed.php b/src/Exceptions/FileUrlNotAllowed.php
@@ -8,6 +8,6 @@ class FileUrlNotAllowed extends Exception
 {
     public static function make(): static
     {
-        return new static('An URL is not allow to start with file://');
+        return new static('An URL is not allow to start with file:// or file:/');
     }
 }
diff --git a/src/Exceptions/HtmlIsNotAllowedToContainFile.php b/src/Exceptions/HtmlIsNotAllowedToContainFile.php
@@ -8,6 +8,6 @@ class HtmlIsNotAllowedToContainFile extends Exception
 {
     public static function make(): static
     {
-        return new static('The specified HTML contains `file://`. This is not allowed.');
+        return new static('The specified HTML contains `file://` or `file:/`. This is not allowed.');
     }
 }
diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
@@ -60,6 +60,34 @@
     Browsershot::html('<h1><img src="file://" /></h1>');
 })->throws(HtmlIsNotAllowedToContainFile::class);
 
+it('will not allow a slightly malformed file url', function () {
+    Browsershot::url('file:/test');
+})->throws(FileUrlNotAllowed::class);
+
+it('will not allow html to contain file:/', function () {
+    Browsershot::html('<h1><img src="file:/" /></h1>');
+})->throws(HtmlIsNotAllowedToContainFile::class);
+
+it('no redirects - will not follow redirects', function () {
+    $targetPath = __DIR__.'/temp/redirect_fail.pdf';
+
+    Browsershot::url('http://www.spatie.be')
+        ->disableRedirects()
+        ->save($targetPath);
+
+    expect($targetPath)->not->toBeFile();
+})->throws(ProcessFailedException::class);
+
+it('no redirects - will still render direct 200 OKs', function () {
+    $targetPath = __DIR__.'/temp/redirect_success.pdf';
+
+    Browsershot::url('https://spatie.be/')
+        ->disableRedirects()
+        ->save($targetPath);
+
+    expect($targetPath)->toBeFile();
+});
+
 it('can take a high density screenshot', function () {
     $targetPath = __DIR__.'/temp/testScreenshot.png';