Strip sensitive information contained in URLs from frontend API calls

2025-07-11 23:58:46 +00:00 · 2023-02-15 14:46:31 -08:00 · 2023-02-15 14:46:31 -08:00 · e1176e9e3b
commit e1176e9e3b
parent a25606cfe9
3 changed files with 20 additions and 5 deletions
--- a/src/utils/proxy/api-helpers.js
+++ b/src/utils/proxy/api-helpers.js
@ -53,3 +53,12 @@ export function jsonArrayTransform(data, transform) {
 export function jsonArrayFilter(data, filter) {
  return jsonArrayTransform(data, (items) => items.filter(filter));
 }
+
+export function sanitizeErrorURL(errorURL) {
+  // Dont display sensitive params on frontend
+  const url = new URL(errorURL);
+  ["apikey", "api_key", "token", "t"].forEach(key => {
+    if (url.searchParams.has(key)) url.searchParams.set(key, "***")
+  });
+  return url.toString();
+}