Skip to content

Commit ee7baa5

Browse files
waleedlatif1waleedlatif1
committed
fix(teams): remove smba.trafficmanager.net from Microsoft content allowlist
The subdomain check for smba.trafficmanager.net was unnecessary — Azure Traffic Manager does not support nested subdomains of existing profiles, but the pattern still raised a valid audit concern. Teams bot-framework attachment URLs from this host fall through to the generic fetchWithDNSPinning branch, which provides the same protection without the ambiguity.
1 parent e2ed88b commit ee7baa5

File tree

2 files changed

+2
-5
lines changed

2 files changed

+2
-5
lines changed

apps/sim/hooks/queries/environment.ts

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
import { createLogger } from '@sim/logger'
2-
import { keepPreviousData, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
2+
import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
33
import type { EnvironmentVariable, WorkspaceEnvironmentData } from '@/lib/environment/api'
44
import { fetchPersonalEnvironment, fetchWorkspaceEnvironment } from '@/lib/environment/api'
55
import { workspaceCredentialKeys } from '@/hooks/queries/credentials'
@@ -39,7 +39,6 @@ export function useWorkspaceEnvironment<TData = WorkspaceEnvironmentData>(
3939
queryFn: ({ signal }) => fetchWorkspaceEnvironment(workspaceId, signal),
4040
enabled: !!workspaceId,
4141
staleTime: 60 * 1000, // 1 minute
42-
placeholderData: keepPreviousData,
4342
...options,
4443
})
4544
}

apps/sim/lib/core/security/input-validation.ts

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1219,7 +1219,6 @@ const MICROSOFT_CONTENT_SUFFIXES = [
12191219
'1drv.ms',
12201220
'1drv.com',
12211221
'microsoftpersonalcontent.com',
1222-
'smba.trafficmanager.net',
12231222
] as const
12241223

12251224
/**
@@ -1229,8 +1228,7 @@ const MICROSOFT_CONTENT_SUFFIXES = [
12291228
*
12301229
* Covers SharePoint Online (commercial, GCC/GCC High/DoD, Germany, China),
12311230
* OneDrive business and consumer, OneDrive short-link and CDN domains,
1232-
* Microsoft personal content CDN, and the Azure Traffic Manager endpoint
1233-
* used for Teams inline image attachments.
1231+
* and Microsoft personal content CDN.
12341232
*
12351233
* @see https://learn.microsoft.com/en-us/sharepoint/required-urls-and-ports
12361234
* @see https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints

0 commit comments

Comments
 (0)