PR: Whitelisting of correlation-Domains (#869)

* WhiteListing of CorrelationHeaderDomains

* fix for non existent inclusionDomains

* WhiteListing of CorrelationHeaderDomains

* removing wrong positioned changes

* added correlationHeader to defaultConfig

* Bugfix for multiple whitelisted domains

* Changed WhiteListCheck to using "some"

JavaScript/JavaScriptSDK/Util.ts

@@ -424,7 +424,7 @@ module Microsoft.ApplicationInsights {
                 if (Date.prototype.toISOString) {
                     return date.toISOString();
                 } else {
-                    const pad = function(number) {
+                    const pad = function (number) {
                         var r = String(number);
                         if (r.length === 1) {
                             r = "0" + r;

README.md

@@ -141,6 +141,7 @@ Most configuration fields are named such that they can be defaulted to falsey. A
 | disableDataLossAnalysis | true | If false, internal telemetry sender buffers will be checked at startup for items not yet sent. |
 | disableCorrelationHeaders | false | If false, the SDK will add two headers ('Request-Id' and 'Request-Context') to all dependency requests to correlate them with corresponding requests on the server side. Default is false. |
 | correlationHeaderExcludedDomains |  | Disable correlation headers for specific domains |
+| correlationHeaderDomains |  | Enable correlation headers for specific domains |
 | disableFlushOnBeforeUnload | false | Default false. If true, flush method will not be called when onBeforeUnload event triggers |
 | enableSessionStorageBuffer | true | Default true. If true, the buffer with all unsent telemetry is stored in session storage. The buffer is restored on page load |
 | isCookieUseDisabled | false | Default false. If true, the SDK will not store or read any data from cookies.|

vNext/extensions/applicationinsights-dependencies-js/src/ajax.ts

@@ -255,7 +255,7 @@ export class AjaxMonitor implements ITelemetryPlugin, IDependenciesPlugin, IInst
                 name: xhr.ajaxData.getPathName(),
                 type: "Ajax",
                 duration: xhr.ajaxData.ajaxTotalDuration,
-                success:(+(xhr.ajaxData.status)) >= 200 && (+(xhr.ajaxData.status)) < 400,
+                success: (+(xhr.ajaxData.status)) >= 200 && (+(xhr.ajaxData.status)) < 400,
                 responseCode: +xhr.ajaxData.status,
                 method: xhr.ajaxData.method
             };
@@ -347,7 +347,7 @@ export class AjaxMonitor implements ITelemetryPlugin, IDependenciesPlugin, IInst
         }
         const originalFetch: (input?: Request | string, init?: RequestInit) => Promise<Response> = window.fetch;
         const fetchMonitorInstance: AjaxMonitor = this;
-        window.fetch = function fetch(input?: Request | string , init?: RequestInit): Promise<Response> {
+        window.fetch = function fetch(input?: Request | string, init?: RequestInit): Promise<Response> {
             let fetchData: ajaxRecord;
             if (fetchMonitorInstance.isFetchInstrumented(input) && fetchMonitorInstance.isMonitoredInstance(undefined, undefined, input, init)) {
                 try {
@@ -468,7 +468,7 @@ export class AjaxMonitor implements ITelemetryPlugin, IDependenciesPlugin, IInst
                 LoggingSeverity.CRITICAL,
                 _InternalMessageId.FailedMonitorAjaxOpen,
                 "Failed to grab failed fetch diagnostics message",
-                {exception: Util.dump(e)}
+                { exception: Util.dump(e) }
             );
         }
         return result;
@@ -605,6 +605,7 @@ export class AjaxMonitor implements ITelemetryPlugin, IDependenciesPlugin, IInst
                 "*.blob.core.chinacloudapi.cn",
                 "*.blob.core.cloudapi.de",
                 "*.blob.core.usgovcloudapi.net"],
+            correlationHeaderDomains: undefined,
             appId: undefined,
             enableCorsCorrelation: false
         }
@@ -619,7 +620,8 @@ export class AjaxMonitor implements ITelemetryPlugin, IDependenciesPlugin, IInst
             disableCorrelationHeaders: undefined,
             correlationHeaderExcludedDomains: undefined,
             appId: undefined,
-            enableCorsCorrelation: undefined
+            enableCorsCorrelation: undefined,
+            correlationHeaderDomains: undefined,
         }
     }
 

vNext/shared/AppInsightsCommon/src/Interfaces/IConfig.ts

@@ -257,6 +257,7 @@ export interface IConfig {
     consoleLoggingLevel?: number;
     telemetryLoggingLevel?: number;
     diagnosticLogInterval?: number;
+    correlationHeaderDomains?: string[]
 }
 
 export class ConfigurationManager {

vNext/shared/AppInsightsCommon/src/Interfaces/ICorrelationConfig.ts

@@ -3,10 +3,12 @@
 
 export interface ICorrelationConfig {
     enableCorsCorrelation: boolean;
-    correlationHeaderExcludedDomains:  string[];
+    correlationHeaderExcludedDomains: string[];
     disableCorrelationHeaders: boolean;
     maxAjaxCallsPerView: number;
     disableAjaxTracking: boolean;
     disableFetchTracking: boolean;
     appId?: string;
+
+    correlationHeaderDomains?: string[]
 }

vNext/shared/AppInsightsCommon/src/Util.ts

@@ -636,6 +636,16 @@ export class CorrelationIdHelper {
             return false;
         }
 
+        let includedDomains = config && config.correlationHeaderDomains;
+        if (includedDomains) {
+            if (!includedDomains.some((domain) => {
+                let regex = new RegExp(domain.toLowerCase().replace(/\./g, "\.").replace(/\*/g, ".*"));
+                return regex.test(requestHost);
+            })) {
+                return false;
+            }
+        }
+
         let excludedDomains = config && config.correlationHeaderExcludedDomains;
         if (!excludedDomains || excludedDomains.length == 0) {
             return true;
@@ -686,18 +696,18 @@ export class AjaxHelper {
         if (absoluteUrl && absoluteUrl.length > 0) {
             var parsedUrl: HTMLAnchorElement = UrlHelper.parseUrl(absoluteUrl)
             target = parsedUrl.host;
-                if (!name) {
-                    if (parsedUrl.pathname != null) {
-                        let pathName: string = (parsedUrl.pathname.length === 0) ? "/" : parsedUrl.pathname;
-                        if (pathName.charAt(0) !== '/') {
-                            pathName = "/" + pathName;
-                        }
-                        data = parsedUrl.pathname;
-                        name = DataSanitizer.sanitizeString(logger, method ? method + " " + pathName : pathName);
-                    } else {
-                        name = DataSanitizer.sanitizeString(logger, absoluteUrl);
+            if (!name) {
+                if (parsedUrl.pathname != null) {
+                    let pathName: string = (parsedUrl.pathname.length === 0) ? "/" : parsedUrl.pathname;
+                    if (pathName.charAt(0) !== '/') {
+                        pathName = "/" + pathName;
                     }
+                    data = parsedUrl.pathname;
+                    name = DataSanitizer.sanitizeString(logger, method ? method + " " + pathName : pathName);
+                } else {
+                    name = DataSanitizer.sanitizeString(logger, absoluteUrl);
                 }
+            }
         } else {
             target = commandName;
             name = commandName;
@@ -720,13 +730,13 @@ export class DateTimeUtils {
      */
     public static Now = (typeof window === 'undefined') ? function () { return new Date().getTime(); } :
         (window.performance && window.performance.now && window.performance.timing) ?
-        function () {
-            return window.performance.now() + window.performance.timing.navigationStart;
-        }
-        :
-        function () {
-            return new Date().getTime();
-        }
+            function () {
+                return window.performance.now() + window.performance.timing.navigationStart;
+            }
+            :
+            function () {
+                return new Date().getTime();
+            }
 
     /**
      * Gets duration between two timestamps