Skip to content

fix(app-scripts): raise TLD character limit in allowNetworks validati… #2972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Tyler (tylerwashington888) merged 1 commit into from
Mar 10, 2026
Merged

fix(app-scripts): raise TLD character limit in allowNetworks validati… #2972

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions packages/contentful--app-scripts/src/utils.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,31 @@ describe('isValidIpAddress', () => {
const result = isValidNetwork('*');
assert.strictEqual(result, false);
});

it('returns true for a domain with a TLD longer than 6 characters', () => {
// .hosting is 7 chars — previously rejected by the {2,6} limit.
// Customers using long gTLDs (e.g. akzonobel.hosting) were blocked from
// uploading custom apps even though the address is perfectly valid.
const result = isValidNetwork('qa-gql-gateway.akzonobel.hosting');
assert.strictEqual(result, true);
});

it('returns true for a wildcard domain with a TLD longer than 6 characters', () => {
const result = isValidNetwork('*.akzonobel.hosting');
assert.strictEqual(result, true);
});

it('returns true for a domain with a TLD at the maximum DNS label length of 63 characters', () => {
const maxLengthTld = 'a'.repeat(63);
const result = isValidNetwork(`example.${maxLengthTld}`);
assert.strictEqual(result, true);
});

it('returns false for a domain with a TLD exceeding the maximum DNS label length of 63 characters', () => {
const tooLongTld = 'a'.repeat(64);
const result = isValidNetwork(`example.${tooLongTld}`);
assert.strictEqual(result, false);
});
});

describe('removeProtocolFromUrl', () => {
Expand Down
4 changes: 2 additions & 2 deletions packages/contentful--app-scripts/src/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,10 @@ export const isValidNetwork = (address: string): boolean => {
'(?:' + // Start of the non-capturing group for domain names
'(?:\\*\\.)' + // Matches wildcard domains like *.example.com
'(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\\.)' + // Matches a single subdomain
'[a-zA-Z]{2,6}' + // Matches the top-level domain (TLD)
'[a-zA-Z]{2,63}' + // Matches the top-level domain (TLD). Upper bound of 63 follows RFC 1035 §2.3.4, which defines the maximum length of a single DNS label. ICANN began delegating long gTLDs (e.g. .hosting, .international) from 2012 onwards, making the previous limit of 6 too restrictive.
'|' + // OR
'(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\\.)+' + // Matches standard domains with one or more subdomains
'[a-zA-Z]{2,6}' + // Matches the top-level domain (TLD)
'[a-zA-Z]{2,63}' + // Matches the top-level domain (TLD). Upper bound of 63 follows RFC 1035 §2.3.4, which defines the maximum length of a single DNS label. ICANN began delegating long gTLDs (e.g. .hosting, .international) from 2012 onwards, making the previous limit of 6 too restrictive.
')|' + // End of the non-capturing group for domain names, OR
'(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}' + // Matches the first three octets of an IPv4 address
'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|' + // Matches the last octet of an IPv4 address
Expand Down