authorSebastian <sebasjm@gmail.com>2023-04-24 12:42:45 -0300
committerSebastian <sebasjm@gmail.com>2023-04-24 12:42:45 -0300
commit3004ece1f8153fdf8ddb283e5d767dd5b5c2e179 (patch)
tree6666c307c2a227a77f6da7ed6a87b7709b29f6d6 /packages
parente4bf114f60a7a76f43714183a4149406ade33d44 (diff)
prevent http request without enable it explicitly
Diffstat (limited to 'packages')
-rw-r--r--packages/taler-util/package.json4
-rw-r--r--packages/taler-util/src/http-common.ts1
-rw-r--r--packages/taler-util/src/http-impl.node.ts12
-rw-r--r--packages/taler-util/src/http-impl.qtart.ts12
4 files changed, 27 insertions, 2 deletions
diff --git a/packages/taler-util/package.json b/packages/taler-util/package.json
index e7df2889f..26ca9b6b3 100644
--- a/packages/taler-util/package.json
+++ b/packages/taler-util/package.json
@@ -74,7 +74,7 @@
},
"ava": {
"files": [
- "lib/*test.js"
+ "lib/**/*test.js"
]
- }
+}
}
diff --git a/packages/taler-util/src/http-common.ts b/packages/taler-util/src/http-common.ts
index 9aaad12c7..8da4003b5 100644
--- a/packages/taler-util/src/http-common.ts
+++ b/packages/taler-util/src/http-common.ts
@@ -423,6 +423,7 @@ export function getExpiry(
export interface HttpLibArgs {
enableThrottling?: boolean;
+ allowHttp?: boolean;
}
export function encodeBody(body: any): ArrayBuffer {
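Review bot: The new `allowHttp?: boolean;` member of `HttpLibArgs` has no doc comment, although it is a security-relevant switch whose default matters. Both implementations in this commit treat an omitted value as `false` and reject any URL whose scheme is not https, so the interface should say so, for example `/** Allow requests whose URL scheme is not https. Defaults to false. */`. Without it, a caller reading only the interface cannot tell that leaving the field unset blocks plain-HTTP requests.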
diff --git a/packages/taler-util/src/http-impl.node.ts b/packages/taler-util/src/http-impl.node.ts
index 6dfce934f..4df1feaf0 100644
--- a/packages/taler-util/src/http-impl.node.ts
+++ b/packages/taler-util/src/http-impl.node.ts
@@ -49,9 +49,11 @@ const textDecoder = new TextDecoder();
export class HttpLibImpl implements HttpRequestLibrary {
private throttle = new RequestThrottler();
private throttlingEnabled = true;
+ private allowHttp = false;
constructor(args?: HttpLibArgs) {
this.throttlingEnabled = args?.enableThrottling ?? false;
+ this.allowHttp = args?.allowHttp ?? false;
}
/**
@@ -78,6 +80,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
`request to origin ${parsedUrl.origin} was throttled`,
);
}
+ if (!this.allowHttp && parsedUrl.protocol !== "https:") {
+ throw TalerError.fromDetail(
+ TalerErrorCode.WALLET_NETWORK_ERROR,
+ {
+ requestMethod: method,
+ requestUrl: url,
+ },
+ `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+ );
+ }
let timeoutMs: number | undefined;
if (typeof opt?.timeout?.d_ms === "number") {
timeoutMs = opt.timeout.d_ms;
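Review bot: The added guard `if (!this.allowHttp && parsedUrl.protocol !== "https:")` validates only the URL the caller passed in. Whether the underlying client follows redirects is not visible in this hunk; if it does, an https URL that redirects to http is not covered by this check. A comment such as `// only the initial request URL is checked; redirect targets are not re-validated here` would record that limit, or the same check could be applied to redirect targets. Reusing `TalerErrorCode.WALLET_NETWORK_ERROR` also makes a local policy rejection look like a real network failure to callers, so a distinguishing detail field would help error handling and logging. The enclosing method starts and ends outside the hunk.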
diff --git a/packages/taler-util/src/http-impl.qtart.ts b/packages/taler-util/src/http-impl.qtart.ts
index ee3d1f725..3a963b35a 100644
--- a/packages/taler-util/src/http-impl.qtart.ts
+++ b/packages/taler-util/src/http-impl.qtart.ts
@@ -41,9 +41,11 @@ const textDecoder = new TextDecoder();
export class HttpLibImpl implements HttpRequestLibrary {
private throttle = new RequestThrottler();
private throttlingEnabled = true;
+ private allowHttp = false;
constructor(args?: HttpLibArgs) {
this.throttlingEnabled = args?.enableThrottling ?? false;
+ this.allowHttp = args?.allowHttp ?? false;
}
/**
@@ -70,6 +72,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
`request to origin ${parsedUrl.origin} was throttled`,
);
}
+ if (!this.allowHttp && parsedUrl.protocol !== "https") {
+ throw TalerError.fromDetail(
+ TalerErrorCode.WALLET_NETWORK_ERROR,
+ {
+ requestMethod: method,
+ requestUrl: url,
+ },
+ `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+ );
+ }
let data: ArrayBuffer | undefined = undefined;
const requestHeadersMap = { ...getDefaultHeaders(method), ...opt?.headers };
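Review bot: The comparison `parsedUrl.protocol !== "https"` lacks the trailing colon that the node implementation in this same commit uses (`"https:"`). The construction of `parsedUrl` is outside the hunk, but if it is a WHATWG `URL` here as well, `protocol` is `"https:"`, so the condition is true for every URL and all requests, HTTPS included, are rejected unless `allowHttp` is set. That pushes qtart callers to turn on `allowHttp` just to get working requests, which defeats the guard. Change the line to `if (!this.allowHttp && parsedUrl.protocol !== "https:") {`, and consider moving the check into a single helper in `http-common.ts` so the two implementations cannot drift apart. The enclosing method continues outside the hunk.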