UNPKG

@azure/monitor-opentelemetry

Version:
28 lines 1.55 kB
/** * Allowed domain suffixes for redirect targets. A redirect (either a 30x `Location` header or a * Live Metrics `x-ms-qps-service-endpoint-redirect-v2` header) is followed only when the current * host and the redirect target either match exactly or both live under one of these trusted Azure * Monitor / Application Insights suffixes. This prevents an attacker-controlled redirect from * causing the bearer auth policy to attach a fresh AAD token (and the telemetry body) to an * unrelated host. * * Mirrors `ALLOWED_REDIRECT_DOMAIN_SUFFIXES` in `@azure/monitor-opentelemetry-exporter`. * @internal */ export declare const ALLOWED_REDIRECT_DOMAIN_SUFFIXES: readonly string[]; /** * Return `true` if the redirect target is safe to follow. * * Used to gate redirects so an attacker-controlled redirect cannot cause the Live Metrics sender * (and its credential-bearing pipeline) to send telemetry — and a freshly-signed bearer token — * to an unrelated host. * * A redirect is permitted only when the target equals the currently configured host exactly, or * when both the current host and the redirect target are under one of the known Azure Monitor * ingestion host suffixes (see {@link ALLOWED_REDIRECT_DOMAIN_SUFFIXES}). Customers with a custom * (non-Azure) host will therefore not have server-issued cross-host redirects followed. * * @internal */ export declare function isSameRegisteredDomain(currentNetloc: string | undefined, redirectNetloc: string | undefined): boolean; //# sourceMappingURL=redirectUtils.d.ts.map