Matt Gilman created NIFI-16059:
----------------------------------
Summary: Connector custom UI: validate postMessage origin against
the application origin instead of the connector's configuration URL
Key: NIFI-16059
URL: https://issues.apache.org/jira/browse/NIFI-16059
Project: Apache NiFi
Issue Type: Improvement
Components: Core UI
Reporter: Matt Gilman
Assignee: Matt Gilman
The connector custom UI host (ConnectorMessageHost) validates the origin of
inbound postMessage events from a connector's embedded custom UI. The origin it
trusts is derived from the connector entity's configurationUrl / detailsUrl --
the same per-connector field that is used to set the custom UI iframe's src.
Because the content loaded into the iframe and the origin used to validate
messages coming back from it are taken from the same per-connector value, the
inbound origin check does not represent an independent trust decision. Whatever
controls that field controls both the loaded UI and the origin string used to
validate messages from it, so the validation is effectively self-referential
(an Origin Validation Error, CWE-346).
Connector custom UIs are served by the NiFi web server itself: the
configuration/details URLs are generated server-side in ConnectorResource from
the incoming request URI, so the custom UI is same-origin with the application.
The origin that should be trusted for these messages is therefore a property of
the application, not of an individual connector entity, and the current coupling
between the iframe source and the message-trust origin is unnecessary.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)