
@W-22838968 Port Squatting — Token-Based Check with Flag-Gated Backward Compat #57

Open
ankitsinghkuntal09 wants to merge 4 commits into main from ankit/W-22838968-port-squat-backward-compat

Conversation

ankitsinghkuntal09 commented Jun 8, 2026


Supersedes #53. Replaces the version-gated approach (previous revision of this PR) with a flag-gated approach after team review.

Fix — dual-acceptance with a kill switch

checkPortStatus returns one of four states; classifyOccupiedPort decides the action:

| What's on the port | Response | Action |
| --- | --- | --- |
| Nothing TCP-reachable | no response | available — spawn our dev server |
| Our server with right token | 200 + X-Live-Preview-Token matches | verified — silent reuse |
| OK but no token header | 200 + header missing | legacy — see below |
| Wrong token / non-OK | mismatch or non-2xx | foreign — abort with PortSquattingAbort |

legacy is the backward-compat path. An old @salesforce/ui-bundle and a passive squatter are indistinguishable from the CLI side — the flag is the security boundary:

  • ALLOW_LEGACY_WEBAPPS_DEFAULT = true (this PR's default): proceed, emit one loud warning per webapp per CLI process. Warning surfaces as:
  • ALLOW_LEGACY_WEBAPPS_DEFAULT = false (or SF_UI_BUNDLE_ALLOW_LEGACY_WEBAPPS=false at runtime): strict mode — abort with PortSquattingAbort on legacy. Same hard error as foreign.

Once webapp adoption of the token-echoing release is high, flip the default to false;

Tested locally (5 scenarios, default mode + strict mode)

  • Both webapps NEW, no squatter → both verified, silent
  • Both webapps OLD, no squatter → both legacy, warning shown once per bundle, dev server reused
  • One OLD + one NEW, switch back and forth → each picks the correct state
  • One OLD + one NEW + squatter on 5173 → legacy (squatter indistinguishable from old), warning shown; strict mode aborts
  • Both NEW + squatter on 5173 → legacy (squatter answers first), warning shown; strict mode aborts with PortSquattingAbort

@ankitsinghkuntal09 ankitsinghkuntal09 self-assigned this Jun 8, 2026
ankitsinghkuntal09 force-pushed the ankit/W-22838968-port-squat-backward-compat branch from fcdb4e3 to ead9962 on June 9, 2026 12:32
ankitsinghkuntal09 changed the title from "@W-22838968 Port Squatting — Token-Based Check with Backward Compat" to "@W-22838968 Port Squatting — Token-Based Check with Flag-Gated Backward Compat" on Jun 9, 2026
ankitsinghkuntal09 force-pushed the ankit/W-22838968-port-squat-backward-compat branch from ead9962 to 06a2c41 on June 9, 2026 12:38
Supersedes the version-gated approach (reading @salesforce/ui-bundle version from
node_modules) — fragile across lockfile + Code Builder layouts.

A server on port 5173 that responds OK but does NOT echo X-Live-Preview-Token is
now classified as "legacy" (old webapp, or a passive squatter — indistinguishable
to the CLI). Behavior under "legacy":
- ALLOW_LEGACY_WEBAPPS_DEFAULT=true (current default): proceed, emit one loud
  warning per webapp per process (stderr structured JSON + SfCommand.warn()).
- false / SF_UI_BUNDLE_ALLOW_LEGACY_WEBAPPS=false: abort with PortSquattingAbort.

Once webapp adoption of the token-echoing release is high, flip the default to
false; the liberal branch then becomes a one-line removal.

Changes:
- 4-state checkPortStatus: available | verified | legacy | foreign
- classifyOccupiedPort centralizes the abort-vs-warn decision (shared by
  pre-flight one-shot and post-spawn polling)
- emitLegacyWebappWarning emits {"warn":"LEGACY_WEBAPP_DETECTED",...} on stderr
  (consumed by the VS Code extension) + this.warn() to the terminal
- Removed: MIN_TOKEN_SUPPORTED_VERSION, compareVersions,
  getWebappUiBundleVersion, isNewWebapp, isUrlReachable, pollUntilReachable,
  fs/path imports — all version-gating dead code

Co-authored-by: Cursor <cursoragent@cursor.com>
ankitsinghkuntal09 force-pushed the ankit/W-22838968-port-squat-backward-compat branch from 06a2c41 to fc79710 on June 9, 2026 12:41
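The four-state check and the flag-gated legacy decision described in the PR description and in the commit message above, written out as an added example. This is not the project's own code: the HTTP probe is injected as a function so the block runs offline against constructed responses, the warning sink is injectable for the same reason, and every name other than checkPortStatus, classifyOccupiedPort, PortSquattingAbort, emitLegacyWebappWarning, ALLOW_LEGACY_WEBAPPS_DEFAULT, SF_UI_BUNDLE_ALLOW_LEGACY_WEBAPPS and the LEGACY_WEBAPP_DETECTED warning is an assumption made for illustration (including keying the once-per-process warning by port rather than by webapp, treating the env var as something that can only tighten the default, and the constant-time token compare).

```typescript
// Added example, not the project's code. Pure model of the 4-state port check and
// the flag-gated abort-vs-warn decision; the probe and warning sink are injected so
// it runs offline. Names not in the PR are assumptions (see lead-in).

export type PortState = 'available' | 'verified' | 'legacy' | 'foreign';
export type PortAction = 'spawn' | 'reuse' | 'abort';

// What probing http://localhost:<port>/ returned; null means nothing answered on TCP.
export interface ProbeResult {
  status: number;
  headers: Record<string, string>; // header names lower-cased, as Node's http module does
}
export type Probe = (port: number) => ProbeResult | null;
export type WarnSink = (line: string) => void;

export const TOKEN_HEADER = 'x-live-preview-token';
export const ALLOW_LEGACY_WEBAPPS_DEFAULT = true; // flip to false once token-echoing webapps dominate

export class PortSquattingAbort extends Error {
  readonly port: number;
  readonly state: PortState;
  constructor(port: number, state: PortState) {
    super('port ' + port + ' is held by a server the CLI cannot verify (' + state + '); refusing to proceed');
    this.name = 'PortSquattingAbort';
    this.port = port;
    this.state = state;
  }
}

// Constant-time equality so response timing does not leak the token byte by byte.
// Added hardening for the example; the PR does not describe how the compare is done.
function tokensEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Kill switch. Assumption: the env var can only tighten the compiled-in default
// (only the literal "false" turns strict mode on), so a stray value can never
// re-enable the liberal branch after the default has been flipped.
export function allowLegacyWebapps(env: Record<string, string | undefined>): boolean {
  const v = env['SF_UI_BUNDLE_ALLOW_LEGACY_WEBAPPS'];
  if (v !== undefined && v.trim().toLowerCase() === 'false') return false;
  return ALLOW_LEGACY_WEBAPPS_DEFAULT;
}

export function checkPortStatus(port: number, expectedToken: string, probe: Probe): PortState {
  const res = probe(port);
  if (res === null) return 'available';                       // nothing TCP-reachable
  if (res.status < 200 || res.status > 299) return 'foreign'; // non-2xx: not ours
  const echoed = res.headers[TOKEN_HEADER];
  if (echoed === undefined) return 'legacy';                  // OK but no token header
  return tokensEqual(echoed, expectedToken) ? 'verified' : 'foreign';
}

// One structured JSON line on stderr (for the VS Code extension); returns the line emitted.
export function emitLegacyWebappWarning(port: number, sink: WarnSink = console.error): string {
  const line = JSON.stringify({ warn: 'LEGACY_WEBAPP_DETECTED', port: port });
  sink(line);
  return line;
}

// Central abort-vs-warn decision, shared by pre-flight and post-spawn polling.
// `warned` lives for the CLI process so the legacy warning fires once per port.
export function classifyOccupiedPort(
  port: number, state: PortState, allowLegacy: boolean,
  warned: { [port: number]: boolean }, sink: WarnSink = console.error,
): { action: PortAction; warned: boolean } {
  switch (state) {
    case 'available': return { action: 'spawn', warned: false };
    case 'verified':  return { action: 'reuse', warned: false };
    case 'foreign':   return { action: 'abort', warned: false };
    case 'legacy':
      if (!allowLegacy) return { action: 'abort', warned: false }; // strict mode: same as foreign
      if (warned[port]) return { action: 'reuse', warned: false };
      warned[port] = true;
      emitLegacyWebappWarning(port, sink);
      return { action: 'reuse', warned: true };
    default: throw new Error('unreachable port state: ' + state);
  }
}

// Pre-flight entry point: probe, classify, and turn 'abort' into the hard error.
export function resolvePort(
  port: number, expectedToken: string, probe: Probe,
  env: Record<string, string | undefined>, warned: { [port: number]: boolean },
  sink: WarnSink = console.error,
): PortAction {
  const state = checkPortStatus(port, expectedToken, probe);
  const decision = classifyOccupiedPort(port, state, allowLegacyWebapps(env), warned, sink);
  if (decision.action === 'abort') throw new PortSquattingAbort(port, state);
  return decision.action;
}

// Constructed probe responses standing in for the local scenarios (not captured output).
// Note that oldWebapp and passiveSquatter are the same response shape: the CLI cannot tell them apart.
export const probes: Record<string, Probe> = {
  nothing:         () => null,
  newWebapp:       () => ({ status: 200, headers: { 'x-live-preview-token': 'tok-abc' } }),
  oldWebapp:       () => ({ status: 200, headers: { 'content-type': 'text/html' } }),
  passiveSquatter: () => ({ status: 200, headers: { 'server': 'SimpleHTTP' } }),
  wrongToken:      () => ({ status: 200, headers: { 'x-live-preview-token': 'tok-xyz' } }),
  nonOk:           () => ({ status: 404, headers: {} }),
};
```

Running the five scenarios through resolvePort with an empty env reproduces the table: nothing on the port spawns, a token-echoing webapp reuses silently, an old webapp or a passive squatter reuses with one LEGACY_WEBAPP_DETECTED line, and a wrong token or non-2xx throws PortSquattingAbort; with SF_UI_BUNDLE_ALLOW_LEGACY_WEBAPPS=false the legacy case throws the same error as foreign.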