Fix: some error URLs aren't sanitized (#3385)

2 weeks ago · ea63716b61
parent daa51f9740
commit ea63716b61
2 changed files with 8 additions and 2 deletions
--- a/src/utils/proxy/api-helpers.js
+++ b/src/utils/proxy/api-helpers.js
@ -57,7 +57,7 @@ export function jsonArrayFilter(data, filter) {
 export function sanitizeErrorURL(errorURL) {
  // Dont display sensitive params on frontend
  const url = new URL(errorURL);
-  ["apikey", "api_key", "token", "t", "access_token"].forEach((key) => {
+  ["apikey", "api_key", "token", "t", "access_token", "auth"].forEach((key) => {
    if (url.searchParams.has(key)) url.searchParams.set(key, "***");
  });
  return url.toString();
--- a/src/utils/proxy/http.js
+++ b/src/utils/proxy/http.js
@ -5,6 +5,7 @@ import { createUnzip, constants as zlibConstants } from "node:zlib";
 import { http, https } from "follow-redirects";

 import { addCookieToJar, setCookieHeader } from "./cookie-jar";
+import { sanitizeErrorURL } from "./api-helpers";

 import createLogger from "utils/logger";

@ -113,6 +114,11 @@ export async function httpProxy(url, params = {}) {
      constructedUrl.pathname,
    );
    if (err) logger.error(err);
-    return [500, "application/json", { error: { message: err?.message ?? "Unknown error", url, rawError: err } }, null];
+    return [
+      500,
+      "application/json",
+      { error: { message: err?.message ?? "Unknown error", url: sanitizeErrorURL(url), rawError: err } },
+      null,
+    ];
  }
 }