diff --git a/app/api/upstash/[action]/[...key]/route.ts b/app/api/upstash/[action]/[...key]/route.ts
index bcbdeef9d..6be243c92 100644
--- a/app/api/upstash/[action]/[...key]/route.ts
+++ b/app/api/upstash/[action]/[...key]/route.ts
@@ -12,7 +12,7 @@ async function handle(
 }
 const [action, ...key] = params.key;
 // only allow to request to *.upstash.io
- if (!endpoint || !endpoint.endsWith("upstash.io")) {
+ if (!endpoint || !new URL(endpoint).hostname.endsWith(".upstash.io")) {
 return NextResponse.json(
 {
 error: true,
diff --git a/app/api/webdav/[...path]/route.ts b/app/api/webdav/[...path]/route.ts
index 1ddd37761..cade9ab51 100644
--- a/app/api/webdav/[...path]/route.ts
+++ b/app/api/webdav/[...path]/route.ts
@@ -31,7 +31,10 @@ async function handle(
 }
 // for MKCOL request, only allow request ${folder}
- if (req.method == "MKCOL" && !endpointPath.endsWith(folder)) {
+ if (
+ req.method == "MKCOL" &&
+ !new URL(endpointPath).pathname.endsWith(folder)
+ ) {
 return NextResponse.json(
 {
 error: true,
@@ -44,7 +47,10 @@ async function handle(
 }
 // for GET request, only allow request ending with fileName
- if (req.method == "GET" && !endpointPath.endsWith(fileName)) {
+ if (
+ req.method == "GET" &&
+ !new URL(endpointPath).pathname.endsWith(fileName)
+ ) {
 return NextResponse.json(
 {
 error: true,
@@ -57,7 +63,10 @@ async function handle(
 }
 // for PUT request, only allow request ending with fileName
- if (req.method == "PUT" && !endpointPath.endsWith(fileName)) {
+ if (
+ req.method == "PUT" &&
+ !new URL(endpointPath).pathname.endsWith(fileName)
+ ) {
 return NextResponse.json(
 {
 error: true,
diff --git a/app/utils/cloud/webdav.ts b/app/utils/cloud/webdav.ts
index 6874302b8..79fff9472 100644
--- a/app/utils/cloud/webdav.ts
+++ b/app/utils/cloud/webdav.ts
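Review bot: `new URL(endpoint)` in the added upstash condition throws a TypeError when `endpoint` is not a parseable absolute URL, and no try/catch is visible in this hunk, so a malformed value would surface as an unhandled error instead of the JSON rejection just below. The hostname comparison also leaves the scheme unchecked, so an `http:` URL on a matching host is accepted; if only HTTPS is expected, the guard should test `protocol` as well. `endpoint` is assigned and the outbound request is built outside the hunk, elsewhere in `handle`; that request should be built from the same parsed URL so the host that was checked is the host that is contacted. A sketch of the guard follows.

```typescript
  // only allow https requests to *.upstash.io
  let endpointUrl: URL | undefined;
  try {
    endpointUrl = endpoint ? new URL(endpoint) : undefined;
  } catch {
    // a malformed endpoint falls through to the rejection below
    endpointUrl = undefined;
  }
  if (
    !endpointUrl ||
    endpointUrl.protocol !== "https:" ||
    !endpointUrl.hostname.endsWith(".upstash.io")
  ) {
    // … unchanged: NextResponse.json error response …
```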
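Review bot: `new URL(endpointPath)` in the MKCOL check throws a TypeError unless its argument is an absolute URL, and nothing in the hunk catches it; the GET and PUT hunks below repeat the same call. `endpointPath` is assigned outside these hunks, so it cannot be confirmed from here that it carries a scheme and host; if it holds only the path portion of the request, all three methods would fail before the check runs. Parsing the full target URL once above the three checks, inside a try/catch that returns the existing error response, and comparing its `pathname` in each branch would remove both the repetition and the throw. Separately, `pathname.endsWith(folder)` is a plain suffix test with no segment boundary, so a path whose last segment merely ends in the folder name would pass; if `folder` and `fileName` are meant to match whole segments, comparing against `"/" + folder` (and likewise for `fileName`) is stricter.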
@@ -1,6 +1,5 @@
 import { STORAGE_KEY } from "@/app/constant";
 import { SyncStore } from "@/app/store/sync";
-import { corsFetch } from "../cors";
 export type WebDAVConfig = SyncStore["webdav"];
 export type WebDavClient = ReturnType;