Fix: some error URLs aren't sanitized (#3385)

pull/3394/head
shamoon 7 months ago committed by GitHub
parent daa51f9740
commit ea63716b61
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -57,7 +57,7 @@ export function jsonArrayFilter(data, filter) {
export function sanitizeErrorURL(errorURL) {
// Dont display sensitive params on frontend
const url = new URL(errorURL);
["apikey", "api_key", "token", "t", "access_token"].forEach((key) => {
["apikey", "api_key", "token", "t", "access_token", "auth"].forEach((key) => {
if (url.searchParams.has(key)) url.searchParams.set(key, "***");
});
return url.toString();

@ -5,6 +5,7 @@ import { createUnzip, constants as zlibConstants } from "node:zlib";
import { http, https } from "follow-redirects";
import { addCookieToJar, setCookieHeader } from "./cookie-jar";
import { sanitizeErrorURL } from "./api-helpers";
import createLogger from "utils/logger";
@ -113,6 +114,11 @@ export async function httpProxy(url, params = {}) {
constructedUrl.pathname,
);
if (err) logger.error(err);
return [500, "application/json", { error: { message: err?.message ?? "Unknown error", url, rawError: err } }, null];
return [
500,
"application/json",
{ error: { message: err?.message ?? "Unknown error", url: sanitizeErrorURL(url), rawError: err } },
null,
];
}
}

Loading…
Cancel
Save