Skip to content

fix(app-scripts): raise TLD character limit in allowNetworks validati…#2972

Merged
Tyler (tylerwashington888) merged 1 commit intomainfrom
fix/tld-character-limit-allow-networks
Mar 10, 2026
Merged

fix(app-scripts): raise TLD character limit in allowNetworks validati…#2972
Tyler (tylerwashington888) merged 1 commit intomainfrom
fix/tld-character-limit-allow-networks

Conversation

@tylerwashington888
Copy link
Copy Markdown
Contributor

@tylerwashington888 Tyler (tylerwashington888) commented Mar 10, 2026
edited
Loading

Problem

The isValidNetwork regex in packages/contentful--app-scripts/src/utils.ts capped TLD length at 6 characters ({2,6}), causing the CLI to incorrectly reject valid allowNetworks entries for domains with TLDs longer than 6 characters.

A customer was blocked from uploading their custom app because qa-gql-gateway.akzonobel.hosting failed validation — .hosting is 7 characters, one over the arbitrary limit.

Zendesk: https://contentful.atlassian.net/browse/ZEND-7697

Root Cause

The {2,6} upper bound was arbitrary and predated ICANN's 2012 generic TLD (gTLD) expansion, which introduced hundreds of TLDs longer than 6 characters (.hosting, .international, .construction, etc.).

Solution

Raise the TLD upper bound from 6 to 63 in both regex positions inside isValidNetwork. The value 63 is the maximum length of a single DNS label as defined by RFC 1035 §2.3.4 — the hard protocol ceiling that ICANN itself enforces when approving new TLDs.

Tests Added

Four new cases in src/utils.test.ts:

Case Expected
qa-gql-gateway.akzonobel.hosting (exact customer URL) ✅ valid
*.akzonobel.hosting (wildcard with long TLD) ✅ valid
Domain with 63-char TLD (RFC maximum) ✅ valid
Domain with 64-char TLD (exceeds RFC maximum) ❌ invalid

All 17 tests pass (13 pre-existing + 4 new).

Scope

Layer Status
CLI isValidNetwork regex — this PR ✅ Fixed
Ext API NETWORK_RE (extensibility-api) 🔜 Companion PR
Outbound worker (functions-api) ✅ Not affected — uses tldts (PSL-backed, no char limit)
Frontend UI (user_interface) ✅ Not affected — read-only display, no validation

@tylerwashington888
fix(app-scripts): raise TLD character limit in allowNetworks validati…
0c96c8e 
…on from 6 to 63

The regex used in `isValidNetwork` capped TLD length at 6 characters
({2,6}), which incorrectly rejected valid domains whose TLD is longer
than 6 characters (e.g. .hosting, .international, .construction).

The upper bound is raised to 63, which is the maximum length of a single
DNS label as defined by RFC 1035 §2.3.4. This is not arbitrary — it is
the hard protocol-level ceiling that ICANN itself enforces when approving
new TLDs. Since ICANN opened the generic TLD (gTLD) programme in 2012,
hundreds of long TLDs have been delegated, making the previous limit of 6
both technically incorrect and a source of real customer friction.

Fixes: customer was unable to upload a custom app using the allowNetworks
entry `qa-gql-gateway.akzonobel.hosting` because `.hosting` (7 chars)
exceeded the old limit.

The outbound worker (functions-api-outbound-worker) is not affected — it
uses the `tldts` library backed by the Public Suffix List, which has no
character-length restriction and already handles long TLDs correctly.

Made-with: Cursor
@bito-code-review
Copy link
Copy Markdown

bito-code-review Bot commented Mar 10, 2026
edited
Loading

Code Review Agent Run #217d9d

Actionable Suggestions - 0
Review Details
  • Files reviewed - 2 · Commit Range: 0c96c8e..0c96c8e
    • packages/contentful--app-scripts/src/utils.test.ts
    • packages/contentful--app-scripts/src/utils.ts
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • Eslint (Linter) - ✔︎ Successful
Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at jared.jolton@contentful.com.

Documentation & Help

AI Code Review powered by Bito Logo

@bito-code-review
Copy link
Copy Markdown

bito-code-review Bot commented Mar 10, 2026

Changelist by Bito

This pull request implements the following key changes.

Key Change Files Impacted Summary
Bug Fix - Fix TLD Character Limit in allowNetworks Validation
Updated the regex in isValidNetwork function to allow TLDs up to 63 characters instead of 6, and added comprehensive test cases to validate the new limits.

@bito-code-review
Copy link
Copy Markdown

bito-code-review Bot commented Mar 10, 2026

Impact Analysis by Bito

Interaction Diagram 
sequenceDiagram
participant Dev as Developer
participant CLI as ContentfulAppScripts
participant Upload as Upload Module
participant Build as BuildUploadSettings Function
participant GetFunc as GetFunctionsFromManifest Function
participant ValidNet as IsValidNetwork Function<br/>🔄 Updated | ●●○ Medium
participant Manifest as Manifest JSON
GetFunc->>Manifest: Read functions from file
Dev->>CLI: Run upload command
CLI->>Upload: Execute upload
Upload->>Build: Build upload settings
Build->>GetFunc: Get validated functions
GetFunc->>ValidNet: Validate allowNetworks
ValidNet-->>GetFunc: Return validation result
alt [networks valid]
GetFunc-->>Build: Return functions
Build-->>Upload: Return settings
Upload-->>CLI: Proceed with upload
CLI-->>Dev: Upload successful
else [invalid networks]
GetFunc->>CLI: Exit with validation error
CLI-->>Dev: Upload failed
    end
Loading

This merge request updates the isValidNetwork function to support top-level domains (TLDs) up to 63 characters, enabling validation of modern long generic TLDs like .hosting and .international. It modifies the regex pattern in the data validation layer and adds comprehensive test cases. This change allows app uploads with functions specifying allowNetworks containing domains with extended TLDs, which were previously blocked by the restrictive {2,6} limit.

Cross-Repository Impact Analysis
What Changed Impact of Change Suggested Review Actions
Updated isValidNetwork function regex to allow TLDs up to 63 characters instead of 6, supporting long gTLDs like .hosting and .international. - Contentful App Functions: Customers using domains with long gTLDs (e.g., akzonobel.hosting) can now successfully upload custom apps that were previously blocked by the restrictive TLD validation. - Verify that the new TLD length limit aligns with RFC 1035 specifications.
- Test the function with various long gTLD examples to ensure no regressions.
Code Paths Analyzed

Impact:
The change expands domain validation to support modern long gTLDs, preventing false negatives for valid domain names in Contentful app configurations.

Flow:
User provides allowNetworks in app manifest → stripProtocol removes protocol → isValidNetwork validates each network address → invalid addresses cause process exit with error.

Direct Changes (Diff Files):
• packages/contentful--app-scripts/src/utils.ts [40,43] — Modified regex pattern for TLD validation from {2,6} to {2,63} in two places within the isValidNetwork function.
• packages/contentful--app-scripts/src/utils.test.ts [10-33] — Added four new test cases to validate long TLD support: domain with 7-char TLD, wildcard with 7-char TLD, max 63-char TLD, and invalid 64-char TLD.

Repository Impact:
App Scripts Validation: The isValidNetwork function is used during app upload validation to check allowNetworks arrays in function definitions.

Cross-Repository Dependencies:
No direct cross-repository dependencies detected in this diff: Changes are internal to the @contentful/app-scripts package with no import or dependency modifications.

Database/Caching Impact:
• None

API Contract Violations:
None.

Infrastructure Dependencies:
None.

Additional Insights:
RFC Compliance: Update aligns with RFC 1035 §2.3.4 maximum DNS label length of 63 characters.

Testing Recommendations

Frontend Impact:
None.

Service Integration:
• Run full test suite for @contentful/app-scripts package to ensure no regressions in network validation.

Data Serialization:
None.

Privacy Compliance:
None.

Backward Compatibility:
• Test that existing valid domains with standard TLDs (e.g., .com, .org) continue to pass validation.
• Verify that invalid domains and IPs are still properly rejected.

OAuth Functionality:
• None

Reliability Testing:
• None

Additional Insights:
• Test app upload process with domains using long gTLDs like .hosting, .international, .technology.
• Validate that the function correctly rejects domains with TLDs exceeding 63 characters.
• Check edge cases: wildcard domains (*.example.hosting) and domains at the 63-character limit.

Analysis based on known dependency patterns and edges. Actual impact may vary.

@tylerwashington888 Tyler (tylerwashington888) merged commit 79e1c1c into main Mar 10, 2026
18 checks passed
@tylerwashington888 Tyler (tylerwashington888) deleted the fix/tld-character-limit-allow-networks branch March 10, 2026 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BobHemphill76 BobHemphill76 BobHemphill76 approved these changes

@bito-code-review bito-code-review[bot] bito-code-review[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tylerwashington888 @BobHemphill76