Strip sensitive information contained in URLs from frontend API calls

shamoon 2023-02-15 14:46:31 -08:00
parent a25606cfe9
commit e1176e9e3b
3 changed files with 20 additions and 5 deletions


@ -1,5 +1,5 @@
import getServiceWidget from "utils/config/service-helpers";
import { formatApiCall } from "utils/proxy/api-helpers";
import { formatApiCall, sanitizeErrorURL } from "utils/proxy/api-helpers";
import validateWidgetData from "utils/proxy/validate-widget-data";
import { httpProxy } from "utils/proxy/http";
import createLogger from "utils/logger";
@ -35,7 +35,10 @@ export default async function genericProxyHandler(req, res, map) {
let resultData = data;
if (!validateWidgetData(widget, endpoint, resultData)) {
return res.status(status).json({error: {message: "Invalid data", url, data: resultData}});
if (resultData.error && resultData.error.url) {
resultData.error.url = sanitizeErrorURL(url);
}
return res.status(status).json({error: {message: "Invalid data", url: sanitizeErrorURL(url), data: resultData}});
}
if (status === 200 && map) {
@ -50,7 +53,7 @@ export default async function genericProxyHandler(req, res, map) {
if (status >= 400) {
logger.debug("HTTP Error %d calling %s//%s%s...", status, url.protocol, url.hostname, url.pathname);
return res.status(status).json({error: {message: "HTTP Error", url, data}});
return res.status(status).json({error: {message: "HTTP Error", url: sanitizeErrorURL(url), data}});
}
return res.status(status).send(resultData);
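Review bot: In the `status >= 400` branch the response body still carries `data` untouched, so a nested `data.error.url` would reach the browser with its query string intact; the nested rewrite added earlier in this file only runs inside the `!validateWidgetData(...)` branch. Whether the proxy layer can return an error object with a `url` field on a failed request is not visible in these hunks, so confirm against `httpProxy`; if it can, hoist the check above both branches as `if (resultData?.error?.url) { resultData.error.url = sanitizeErrorURL(url); }`. The optional chaining also avoids a TypeError if `data` is ever null or undefined. Separately, the unchanged `logger.debug` line writes `url.pathname` to the log, so a service that carries its key in the path would still expose it there. Which parts of the URL `sanitizeErrorURL` redacts is defined in another file of this commit and should be checked against both cases.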