* Core domain check. Returns null if the URL is allowed, or the hostname/url string to use in the rejection error.
(url: string)
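/**
 * Core domain check against the MCP domain allowlist.
 *
 * The comparison is an exact match on the lower-cased hostname only: there is
 * no wildcard or subdomain matching, and the scheme, port, path and any
 * userinfo in `url` are not part of the decision.
 *
 * @param url - The MCP server URL to check.
 * @returns `null` if the URL is allowed; otherwise a non-empty string to use
 *   in the rejection error. That string is the hostname, or the raw `url`
 *   when no hostname could be extracted. Callers should still compare the
 *   result against `null` rather than test truthiness.
 *
 * @remarks
 * When the raw `url` is returned it is passed through unmodified, so any
 * credentials or tokens embedded in it end up in the rejection error; keep
 * that in mind where the error is logged or displayed.
 */
function checkMcpDomain(url: string): string | null {
  const allowedDomains = getAllowedMcpDomainsFromEnv()
  // A null allowlist means no restriction is applied: every URL is allowed.
  if (allowedDomains === null) return null
  try {
    const hostname = new URL(url).hostname.toLowerCase()
    // NOTE(review): this only matches if allowlist entries are themselves
    // lower-case — confirm against getAllowedMcpDomainsFromEnv().
    if (allowedDomains.includes(hostname)) return null
    // URLs without an authority (e.g. `file:` or `data:`) parse successfully
    // with an empty hostname. Returning '' here would hand callers a falsy,
    // blank rejection value, so fall back to the full URL instead.
    return hostname === '' ? url : hostname
  } catch {
    // Unparseable input is always rejected; never return an empty (falsy)
    // rejection string, even for an empty `url`.
    return url === '' ? '(empty URL)' : url
  }
}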
| 46 | |
| 47 | /** |
| 48 | * Returns true if the URL's hostname contains an env var reference, |
no test coverage detected