From ea63716b61fc9af0228e1f910dc960ee8da36664 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Mon, 29 Apr 2024 17:18:55 -0700
Subject: [PATCH] Fix: some error URLs aren't sanitized (#3385)

---
 src/utils/proxy/api-helpers.js | 2 +-
 src/utils/proxy/http.js        | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/utils/proxy/api-helpers.js b/src/utils/proxy/api-helpers.js
index 5fc22e1e..ffd2f63b 100644
--- a/src/utils/proxy/api-helpers.js
+++ b/src/utils/proxy/api-helpers.js
@@ -57,7 +57,7 @@ export function jsonArrayFilter(data, filter) {
 export function sanitizeErrorURL(errorURL) {
   // Dont display sensitive params on frontend
   const url = new URL(errorURL);
-  ["apikey", "api_key", "token", "t", "access_token"].forEach((key) => {
+  ["apikey", "api_key", "token", "t", "access_token", "auth"].forEach((key) => {
     if (url.searchParams.has(key)) url.searchParams.set(key, "***");
   });
   return url.toString();
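Review bot: The deny-list in `sanitizeErrorURL` is matched with `url.searchParams.has(key)`, which is an exact, case-sensitive comparison, so a parameter spelled `apiKey`, `API_KEY` or `Auth` would still reach the frontend unmasked. Comparing lower-cased names closes that gap, e.g. `for (const key of [...url.searchParams.keys()]) if (SENSITIVE.has(key.toLowerCase())) url.searchParams.set(key, "***");`, where `SENSITIVE` is a module-level `Set` holding the same names. Credentials carried in the userinfo part (`https://user:pass@host/`) are also left untouched; masking them with `if (url.password) url.password = "***";` would cover widgets configured that way. Adding one key per bug report is fragile, so a short comment on the list saying it must be extended whenever a widget introduces a new secret-bearing parameter would help. The function's closing brace lies outside this hunk.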
diff --git a/src/utils/proxy/http.js b/src/utils/proxy/http.js
index 8a9ce380..875bfb4c 100644
--- a/src/utils/proxy/http.js
+++ b/src/utils/proxy/http.js
@@ -5,6 +5,7 @@ import { createUnzip, constants as zlibConstants } from "node:zlib";
 import { http, https } from "follow-redirects";
 
 import { addCookieToJar, setCookieHeader } from "./cookie-jar";
+import { sanitizeErrorURL } from "./api-helpers";
 
 import createLogger from "utils/logger";
 
@@ -113,6 +114,11 @@ export async function httpProxy(url, params = {}) {
       constructedUrl.pathname,
     );
     if (err) logger.error(err);
-    return [500, "application/json", { error: { message: err?.message ?? "Unknown error", url, rawError: err } }, null];
+    return [
+      500,
+      "application/json",
+      { error: { message: err?.message ?? "Unknown error", url: sanitizeErrorURL(url), rawError: err } },
+      null,
+    ];
   }
 }
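Review bot: The 500 response now masks `url`, but `rawError: err` is still returned as-is on the same line, and `err?.message` is passed through unchanged. Depending on the error type, those may repeat the request target or its query string, which would bypass the sanitising this commit adds; this is inferred, since the hunk does not show what `err` contains. Consider returning only selected fields, for example `rawError: { code: err?.code, name: err?.name }`, or confirming that the frontend never renders `rawError`. Also note that `sanitizeErrorURL` calls `new URL(...)` and would throw inside this error path if `url` were ever not an absolute URL; `constructedUrl` above suggests it has already been parsed, but that happens outside the hunk, as does the start of `httpProxy`.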