mirror of
https://github.com/DI0IK/homepage-plus.git
synced 2025-07-10 15:28:47 +00:00
Security: Sanitize widget api keys from response
Closes https://github.com/gethomepage/homepage/security/advisories/GHSA-cjgf-vhj6-8cx4
This commit is contained in:
parent
36e77e1fe3
commit
f0d7cf3ce6
3 changed files with 11 additions and 6 deletions
|
@ -1,9 +1,11 @@
|
|||
import cachedFetch from "utils/proxy/cached-fetch";
|
||||
import { getSettings } from "utils/config/config";
|
||||
import { getPrivateWidgetOptions } from "utils/config/widget-helpers";
|
||||
|
||||
export default async function handler(req, res) {
|
||||
const { latitude, longitude, units, provider, cache, lang } = req.query;
|
||||
let { apiKey } = req.query;
|
||||
const { latitude, longitude, units, provider, cache, lang, index } = req.query;
|
||||
const privateWidgetOptions = await getPrivateWidgetOptions("openweathermap", index);
|
||||
let { apiKey } = privateWidgetOptions;
|
||||
|
||||
if (!apiKey && !provider) {
|
||||
return res.status(400).json({ error: "Missing API key or provider" });
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
import cachedFetch from "utils/proxy/cached-fetch";
|
||||
import { getSettings } from "utils/config/config";
|
||||
import { getPrivateWidgetOptions } from "utils/config/widget-helpers";
|
||||
|
||||
export default async function handler(req, res) {
|
||||
const { latitude, longitude, provider, cache, lang } = req.query;
|
||||
let { apiKey } = req.query;
|
||||
const { latitude, longitude, provider, cache, lang, index } = req.query;
|
||||
const privateWidgetOptions = await getPrivateWidgetOptions("weatherapi", index);
|
||||
let { apiKey } = privateWidgetOptions;
|
||||
|
||||
if (!apiKey && !provider) {
|
||||
return res.status(400).json({ error: "Missing API key or provider" });
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue