hub / github.com/parse-community/parse-server / validateFileUrl

Function validateFileUrl

src/FileUrlValidator.js:9–38  ·  view source on GitHub ↗

Validates whether a File URL is allowed based on the configured allowed domains.

- `@param {string} fileUrl` - The URL to validate.
- `@param {Object} config` - The Parse Server config object.
- `@throws {Parse.Error}` If the URL is not allowed.

(fileUrl, config)


7 * @throws {Parse.Error} If the URL is not allowed.
8 */
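function validateFileUrl(fileUrl, config) {
  // Checks the hostname of a File URL against
  // config.fileUpload.allowedFileUrlDomains and throws
  // Parse.Error(FILE_SAVE_ERROR) when no entry matches. Only the hostname is
  // compared; scheme, port and path are not inspected here.

  // Nothing to validate: null, undefined and the empty string are accepted.
  if (fileUrl == null || fileUrl === '') {
    return;
  }

  // Validation is skipped entirely when the setting is absent, is not an
  // array, or contains the catch-all '*'. Deployments that rely on this check
  // must therefore set an explicit list without '*'.
  const allowedDomains = config?.fileUpload?.allowedFileUrlDomains;
  if (!Array.isArray(allowedDomains) || allowedDomains.includes('*')) {
    return;
  }

  // new URL() stringifies its argument, so the value is validated by its
  // string form. NOTE(review): callers should pass the same string that is
  // later stored or fetched — confirm at the call sites.
  let parsedUrl;
  try {
    parsedUrl = new URL(fileUrl);
  } catch {
    throw new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `Invalid file URL.`);
  }

  const fileHostname = parsedUrl.hostname.toLowerCase();
  for (const entry of allowedDomains) {
    // A non-string entry cannot name a host. Skipping it keeps the check
    // fail-closed instead of raising a TypeError from toLowerCase().
    if (typeof entry !== 'string') {
      continue;
    }
    const pattern = entry.toLowerCase();

    // Exact hostname match.
    if (fileHostname === pattern) {
      return;
    }

    // Wildcard match: '*.example.com' is compared as the suffix
    // '.example.com'. Keeping the leading dot means only true subdomains
    // match; the bare domain itself has to be listed separately. A pattern
    // with nothing after '*.' is ignored, because its suffix would be a lone
    // '.' and would accept every hostname written with a trailing dot.
    const isWildcard = pattern.startsWith('*.') && pattern.length > 2;
    if (isWildcard && fileHostname.endsWith(pattern.slice(1))) {
      return;
    }
  }

  throw new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File URL domain '${parsedUrl.hostname}' is not allowed.`);
}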
39
40/**
41 * Recursively scans an object for File type fields and validates their URLs.

Callers 4

validateFileUrlsInObjectFunction · 0.85
mutation.jsFile · 0.85
parseObjectFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected