Ling0925
/
suna
mirror of https://github.com/kortix-ai/suna.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allowed hostst

This commit is contained in:
Adam Cohen Hillel 2025-04-21 16:47:02 +01:00
parent 8751a1a716
commit 1a089a54ee
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
backend/supabase/functions/billing-functions/index.ts
View File

@ -10,6 +10,7 @@ import Stripe from "https://esm.sh/stripe@11.1.0?target=deno";
console.log("Starting billing functions..."); console.log("Starting billing functions...");
const defaultAllowedHost = Deno.env.get("ALLOWED_HOST") || "http://localhost:3000"; const defaultAllowedHost = Deno.env.get("ALLOWED_HOST") || "http://localhost:3000";
const allowedHosts = [defaultAllowedHost, "https://www.suna.so", "https://suna.so", "https://staging.suna.so"];
console.log("Default allowed host:", defaultAllowedHost); console.log("Default allowed host:", defaultAllowedHost);
export const corsHeaders = { export const corsHeaders = {
@ -92,7 +93,7 @@ serve(async (req) => {
case "get_billing_portal_url": case "get_billing_portal_url":
console.log("Getting billing portal URL for account:", body.args.account_id); console.log("Getting billing portal URL for account:", body.args.account_id);
if (!validateUrl(body.args.return_url, [defaultAllowedHost])) { if (!validateUrl(body.args.return_url, allowedHosts)) {
console.log("Invalid return URL:", body.args.return_url); console.log("Invalid return URL:", body.args.return_url);
return new Response( return new Response(
JSON.stringify({ error: "Return url is not allowed" }), JSON.stringify({ error: "Return url is not allowed" }),
@ -150,7 +151,7 @@ serve(async (req) => {
case "get_new_subscription_url": case "get_new_subscription_url":
console.log("Getting new subscription URL for account:", body.args.account_id); console.log("Getting new subscription URL for account:", body.args.account_id);
if (!validateUrl(body.args.success_url, [defaultAllowedHost]) || !validateUrl(body.args.cancel_url, [defaultAllowedHost])) { if (!validateUrl(body.args.success_url, allowedHosts) || !validateUrl(body.args.cancel_url, allowedHosts)) {
console.log("Invalid success or cancel URL:", body.args.success_url, body.args.cancel_url); console.log("Invalid success or cancel URL:", body.args.success_url, body.args.cancel_url);
return new Response( return new Response(
JSON.stringify({ error: "Success or cancel url is not allowed" }), JSON.stringify({ error: "Success or cancel url is not allowed" }),