Chore/deny list urls (#4938)

* Refactor URL filtering logic in App class - Introduced a denylist for URLs using the DENYLIST_URLS environment variable. - Updated the whitelist logic to filter out denylisted URLs, ensuring improved request validation. * revery whitelist url changes * revert whitelist url changes
2026-06-22 09:01:09 +03:00 · 2025-07-24 00:57:45 +01:00
parent d081221a97
commit a3f47af027
1 changed files with 1 additions and 1 deletions
@@ -210,7 +210,7 @@ export class App {
                // Step 2: Check if the req path is casesensitive
                if (URL_CASE_SENSITIVE_REGEX.test(req.path)) {
                    // Step 3: Check if the req path is in the whitelist
-                    const isWhitelisted = whitelistURLs.includes(req.path)
+                    const isWhitelisted = whitelistURLs.some((url) => req.path.startsWith(url))
                    if (isWhitelisted) {
                        next()
                    } else if (req.headers['x-request-from'] === 'internal') {