Deno: Deno Permissions API request method unable to grant url "scoped" net permissions

Created on 19 Sep 2020  ·  3 Comments  ·  Source: denoland/deno

The unstable Deno Permissions API's request() method currently appears unable to grant url "scoped" permissions for the net PermissionDescriptor whose interface allows for providing an allowlist for urls.

Please see below for code to reproduce:

console.log(await Deno.permissions.query({ name: "net", url: "http://google.com" }));
console.log(await Deno.permissions.revoke({ name: "net" }));
console.log(await Deno.permissions.request({ name: "net", url: "http://google.com" }));
console.log(await Deno.permissions.query({ name: "net", url: "http://google.com" }));
console.log(await fetch("http://google.com"));

When executed with the following command:

$ deno run --unstable --allow-net=google.com ./example.ts

PermissionStatus { state: "granted" }
PermissionStatus { state: "prompt" }
️⚠️  Deno requests network access to "http://google.com". Grant? [g/d (g = grant, d = deny)] g
PermissionStatus { state: "granted" }
PermissionStatus { state: "prompt" }
error: Uncaught PermissionDenied: network access to "http://google.com/", run again with the --allow-net flag
    at Object.jsonOpAsync (core.js:236:13)
    at async fetch (deno:op_crates/fetch/26_fetch.js:1272:29)
    at async example.ts:13:13

The expected behaviour is that following the permission request the following query should return a PermissionStatus with state: "granted" and the fetch() should be permitted.

Instead we are seeing the permission is not granted, despite the granted state response from the request call, and the fetch() throws a PermissionDenied error.

bug permissions

All 3 comments

I noticed the net whitelisting was very sketchy when I was refactoring permissions. This is all specific to net permissions, will you include this in the title?

@nayeemrmn I’ll quickly dbl check read/write and update if it is just net 😊

Can confirm that read and write are not impacted.

Read

console.log(await Deno.permissions.query({ name: "read", path: "./" }));
console.log(await Deno.permissions.revoke({ name: "read" }));
console.log(await Deno.permissions.request({ name: "read", path: "./" }));
console.log(await Deno.permissions.query({ name: "read", path: "./" }));
console.log(await Deno.stat("./"));

$ deno run --unstable --allow-read=./ ./example.ts

PermissionStatus { state: "granted" }
PermissionStatus { state: "prompt" }
️⚠️  Deno requests read access to "./". Grant? [g/d (g = grant, d = deny)] g
PermissionStatus { state: "granted" }
PermissionStatus { state: "granted" }
{
  ...
}

Write

console.log(await Deno.permissions.query({ name: "write", path: "./" }));
console.log(await Deno.permissions.revoke({ name: "write" }));
console.log(await Deno.permissions.request({ name: "write", path: "./" }));
console.log(await Deno.permissions.query({ name: "write", path: "./" }));
console.log(await Deno.writeTextFile("./test.txt", "test"));

$ deno run --unstable --allow-write=./ ./example.ts

PermissionStatus { state: "granted" }
PermissionStatus { state: "prompt" }
️⚠️  Deno requests write access to "./". Grant? [g/d (g = grant, d = deny)] g
PermissionStatus { state: "granted" }
PermissionStatus { state: "granted" }
undefined
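
The query, request, re-query sequence used in this thread, written as a reusable check that refuses to trust a grant unless the follow-up query() agrees with what request() returned. This is an added example, not code from the issue or from Deno; `requestAndVerify`, `fakePermissions`, `dropScopedNetGrants` and `demo` are hypothetical names, and the fake is a constructed stand-in that models the reported behaviour so the block runs without Deno.

```javascript
// `permissions` is any object shaped like Deno.permissions (query/request).
// In Deno, pass Deno.permissions itself.
async function requestAndVerify(permissions, descriptor) {
  const before = await permissions.query(descriptor);
  const requested = await permissions.request(descriptor);
  const after = await permissions.query(descriptor);
  return {
    before: before.state,
    requested: requested.state,
    effective: after.state,
    // Rely on the grant only if request() and the follow-up query() agree.
    consistent: requested.state === after.state,
  };
}

// Constructed stand-in (assumption, not Deno's implementation). With
// dropScopedNetGrants = true it models the report above: request() answers
// "granted" for a url-scoped net descriptor but the grant is never stored.
function fakePermissions({ dropScopedNetGrants }) {
  const granted = new Set();
  const key = (d) => `${d.name}:${d.url ?? d.path ?? "*"}`;
  return {
    async query(d) {
      return { state: granted.has(key(d)) ? "granted" : "prompt" };
    },
    async request(d) {
      const lost = dropScopedNetGrants && d.name === "net" && d.url !== undefined;
      if (!lost) granted.add(key(d));
      return { state: "granted" }; // the user always answers "g" in this fake
    },
  };
}

// Runs the check for the descriptors used in the thread.
async function demo() {
  const net = { name: "net", url: "http://google.com" };
  const read = { name: "read", path: "./" };
  const buggy = fakePermissions({ dropScopedNetGrants: true });
  const fixed = fakePermissions({ dropScopedNetGrants: false });
  return {
    net: await requestAndVerify(buggy, net),
    read: await requestAndVerify(buggy, read),
    fixedNet: await requestAndVerify(fixed, net),
  };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```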