mirror of
https://github.com/DI0IK/homepage-plus.git
synced 2025-07-10 15:28:47 +00:00
Strip sensitive information contained in URLs from frontend API calls
This commit is contained in:
parent
a25606cfe9
commit
e1176e9e3b
3 changed files with 20 additions and 5 deletions
|
@ -1,5 +1,5 @@
|
|||
import getServiceWidget from "utils/config/service-helpers";
|
||||
import { formatApiCall } from "utils/proxy/api-helpers";
|
||||
import { formatApiCall, sanitizeErrorURL } from "utils/proxy/api-helpers";
|
||||
import validateWidgetData from "utils/proxy/validate-widget-data";
|
||||
import { httpProxy } from "utils/proxy/http";
|
||||
import createLogger from "utils/logger";
|
||||
|
@ -68,7 +68,10 @@ export default async function credentialedProxyHandler(req, res, map) {
|
|||
}
|
||||
|
||||
if (!validateWidgetData(widget, endpoint, data)) {
|
||||
return res.status(500).json({error: {message: "Invalid data", url, data}});
|
||||
if (data.error && data.error.url) {
|
||||
data.error.url = sanitizeErrorURL(url);
|
||||
}
|
||||
return res.status(500).json({error: {message: "Invalid data", url: sanitizeErrorURL(url), data}});
|
||||
}
|
||||
|
||||
if (status === 200 && map) {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue