@azure/monitor-opentelemetry
Version:
Azure Monitor OpenTelemetry (Node.js)
28 lines • 1.55 kB
TypeScript
/**
* Allowed domain suffixes for redirect targets. A redirect (either a 30x `Location` header or a
* Live Metrics `x-ms-qps-service-endpoint-redirect-v2` header) is followed only when the current
* host and the redirect target either match exactly or both live under one of these trusted Azure
* Monitor / Application Insights suffixes. This prevents an attacker-controlled redirect from
* causing the bearer auth policy to attach a fresh AAD token (and the telemetry body) to an
* unrelated host.
*
* Mirrors `ALLOWED_REDIRECT_DOMAIN_SUFFIXES` in `@azure/monitor-opentelemetry-exporter`.
* @internal
*/
export declare const ALLOWED_REDIRECT_DOMAIN_SUFFIXES: readonly string[];
/**
* Return `true` if the redirect target is safe to follow.
*
* Used to gate redirects so an attacker-controlled redirect cannot cause the Live Metrics sender
* (and its credential-bearing pipeline) to send telemetry — and a freshly-signed bearer token —
* to an unrelated host.
*
* A redirect is permitted only when the target equals the currently configured host exactly, or
* when both the current host and the redirect target are under one of the known Azure Monitor
* ingestion host suffixes (see {@link ALLOWED_REDIRECT_DOMAIN_SUFFIXES}). Customers with a custom
* (non-Azure) host will therefore not have server-issued cross-host redirects followed.
*
* @internal
*/
export declare function isSameRegisteredDomain(currentNetloc: string | undefined, redirectNetloc: string | undefined): boolean;
//# sourceMappingURL=redirectUtils.d.ts.map