fix(browser): preserve legacy strict SSRF alias

2026-05-06 17:40:44 +00:00 · 2026-04-14 12:50:02 +05:30
parent 024f4614a1
commit 213c36cf51
3 changed files with 13 additions and 1 deletions
--- a/extensions/browser/src/browser/config.test.ts
+++ b/extensions/browser/src/browser/config.test.ts
@@ -321,6 +321,15 @@ describe("browser config", () => {
    expect(resolved.ssrfPolicy).toEqual({ dangerouslyAllowPrivateNetwork: false });
  });

+  it("preserves legacy explicit strict mode from allowPrivateNetwork=false", () => {
+    const resolved = resolveBrowserConfig({
+      ssrfPolicy: {
+        allowPrivateNetwork: false,
+      },
+    } as unknown as BrowserConfig);
+    expect(resolved.ssrfPolicy).toEqual({ dangerouslyAllowPrivateNetwork: false });
+  });
+
  it("keeps allowlist-only browser SSRF policy strict by default", () => {
    const resolved = resolveBrowserConfig({
      ssrfPolicy: {
--- a/extensions/browser/src/browser/config.ts
+++ b/extensions/browser/src/browser/config.ts
@@ -149,7 +149,9 @@ function resolveBrowserSsrFPolicy(cfg: BrowserConfig | undefined): SsrFPolicy |
  }

  return {
-    ...(resolvedAllowPrivateNetwork || dangerouslyAllowPrivateNetwork === false
+    ...(resolvedAllowPrivateNetwork ||
+    dangerouslyAllowPrivateNetwork === false ||
+    allowPrivateNetwork === false
      ? { dangerouslyAllowPrivateNetwork: resolvedAllowPrivateNetwork }
      : {}),
    ...(allowedHostnames ? { allowedHostnames } : {}),