Custom plugin using URLStreamHandlerWithContext blocking connection as untrusted

Having trouble deploying Oxygen XML Web Author? Got a bug to report? Post it all here.
trentono
Posts: 4
Joined: Wed Oct 18, 2023 11:32 pm

Custom plugin using URLStreamHandlerWithContext blocking connection as untrusted

Post by trentono »

Hello,
We have been using a custom plugin for Oxygen XML Editor to load our XML data that extends URLStreamHandlerWithContext, and recently (seems to be after upgrading to v 26.0) the connection from this plugin has been blocked as untrusted. This is the error message we receive (url redacted):
Connection to https://xxxxx.xxxxx.xxxxx.com/vx/xxxxx/ ... c5551/xxxx was blocked because it is not configured as a trusted host.
Strangely, we only see this issue in our production environment. All of our pre-production environments don't have this issue.

As a workaround, we have been adding our host to the allowed hosts list on the Administration page. However, this is not a great long term solution as we have to adjust this config after each deploy (and we're running Oxygen in an AWS ECS task, which AWS may destroy/create automatically at any time).

From the documentation, I can see that:
Plugins can specify whether a connection is allowed or denied, regardless of whether or not they are listed in the Security tab of the Administration Page.
However, I can't find anywhere in the documentation that says where or how a plugin would specify this. Is the fact that the plugin uses a specific URL for a connection supposed to implicitly trust that host? Or, in addition to our custom URLStreamHandlerWithContext plugin, should we be creating a custom TrustedHostsProviderExtension with the same hosts listed that our other plugin uses?

Thanks,
Trent Olson
cosminef
Site Admin
Posts: 93
Joined: Wed Aug 30, 2023 2:33 pm

Re: Custom plugin using URLStreamHandlerWithContext blocking connection as untrusted

Post by cosminef »

Hello,

Thank you for contacting us.
You can view the post here [1], where my colleague, Radu, managed to respond:
The TrustedHostsProviderExtension is overall a good solution in order to take control in your Oxygen plugin over which hosts are trusted and which are not.
[1] viewtopic.php?p=74182#p74182

Best,
Cosmin
Cosmin Eftenie
www.oxygenxml.com
Post Reply