fix: prevent resource creation with dashboard domain to avoid redirect loop

2026-03-09 16:36:20 +00:00 · 2026-03-05 00:39:03 -08:00
parent 483d54a9f0
commit 1a2069a6d9
3 changed files with 29 additions and 1 deletions
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -223,6 +223,20 @@ async function createHttpResource(
        );
    }

+    // Prevent creating resource with same domain as dashboard
+    const dashboardUrl = process.env.DASHBOARD_URL;
+    if (dashboardUrl) {
+        const dashboardHost = new URL(dashboardUrl).hostname;
+        if (fullDomain === dashboardHost) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    "Resource domain cannot be the same as the dashboard domain"
+                )
+            );
+        }
+    }
+
    if (build != "oss") {
        const existingLoginPages = await db
            .select()
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -353,6 +353,20 @@ async function updateHttpResource(
                );
            }

+            // Prevent updating resource with same domain as dashboard
+            const dashboardUrl = process.env.DASHBOARD_URL;
+            if (dashboardUrl) {
+                const dashboardHost = new URL(dashboardUrl).hostname;
+                if (fullDomain === dashboardHost) {
+                    return next(
+                        createHttpError(
+                            HttpCode.CONFLICT,
+                            "Resource domain cannot be the same as the dashboard domain"
+                        )
+                    );
+                }
+            }
+        
            if (build != "oss") {
                const existingLoginPages = await db
                    .select()