Skip to content

Commit

Permalink
🐛 fix code scanning alerts "server-side request forgery"
Browse files Browse the repository at this point in the history
  • Loading branch information
JohnsonMao committed Mar 1, 2024
1 parent c8489d1 commit 93cdc72
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions pages/group/edit/index.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,17 @@ function EditGroupPage() {
const goToDetail = () => router.replace(`/group/detail?id=${id}`);

const { mutate, isLoading } = useMutation(
(values) =>
fetch(`${GROUP_API_URL}/${id}`, {
(values) => {
if (!id || id.includes('/')) return Promise.reject();

return fetch(`${GROUP_API_URL}/${id}`, {
method: 'PUT',
body: JSON.stringify(values),
headers: {
'Content-Type': 'application/json',
},
}),
});

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The
URL
of this request depends on a
user-provided value
.
},
{ onSuccess: goToDetail },
);

Expand Down

0 comments on commit 93cdc72

Please sign in to comment.