Skip to content

Commit da185e6

Browse files
committed
fix(workspaces): validate logoUrl accepts only paths or HTTPS URLs
1 parent 1d5656a commit da185e6

File tree

1 file changed

+7
-1
lines changed
  • apps/sim/app/api/workspaces/[id]

1 file changed

+7
-1
lines changed

apps/sim/app/api/workspaces/[id]/route.ts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,13 @@ const patchWorkspaceSchema = z.object({
2020
.string()
2121
.regex(/^#[0-9a-fA-F]{6}$/)
2222
.optional(),
23-
logoUrl: z.string().min(1).nullable().optional(),
23+
logoUrl: z
24+
.string()
25+
.refine((val) => val.startsWith('/') || val.startsWith('https://'), {
26+
message: 'Logo URL must be an absolute path or HTTPS URL',
27+
})
28+
.nullable()
29+
.optional(),
2430
billedAccountUserId: z.string().optional(),
2531
allowPersonalApiKeys: z.boolean().optional(),
2632
})

0 commit comments

Comments
 (0)