8x48/homepage
1
0
Fork 0
mirror of https://github.com/gethomepage/homepage.git synced 2026-01-09 01:44:24 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Strip sensitive information contained in URLs from frontend API calls

Browse Source
This commit is contained in:
shamoon
2023-02-15 14:46:31 -08:00
parent a25606cfe9
commit e1176e9e3b
3 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/utils/proxy/handlers/credentialed.js
View File

@@ -1,5 +1,5 @@
import getServiceWidget from "utils/config/service-helpers";
import { formatApiCall } from "utils/proxy/api-helpers";
import { formatApiCall, sanitizeErrorURL } from "utils/proxy/api-helpers";
import validateWidgetData from "utils/proxy/validate-widget-data";
import { httpProxy } from "utils/proxy/http";
import createLogger from "utils/logger";
@@ -68,7 +68,10 @@ export default async function credentialedProxyHandler(req, res, map) {
}
if (!validateWidgetData(widget, endpoint, data)) {
return res.status(500).json({error: {message: "Invalid data", url, data}});
if (data.error && data.error.url) {
data.error.url = sanitizeErrorURL(url);
}
return res.status(500).json({error: {message: "Invalid data", url: sanitizeErrorURL(url), data}});
}
if (status === 200 && map) {