prevent url injection to api calls (!1) · Merge requests · Güter / arcavisfrontend

o@immerda.ch requested to merge fixApiInjetion into main Aug 30, 2022

not properly construting the url is quite dangerous as user controlled input can lead to injection of arbitrary paths and query parameters into the url.

this changes the arcavis.server config to contain only the hostname and nothing else.

prevent url injection to api calls

Merge request reports