From 1a2069a6d92f5bb5a03008966893ef3d4405c4b7 Mon Sep 17 00:00:00 2001 From: Fizza-Mukhtar Date: Thu, 5 Mar 2026 00:39:03 -0800 Subject: [PATCH 1/2] fix: prevent resource creation with dashboard domain to avoid redirect loop --- server/routers/resource/createResource.ts | 14 ++++++++++++++ server/routers/resource/updateResource.ts | 14 ++++++++++++++ .../settings/resources/proxy/create/page.tsx | 2 +- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts index 6c88c5797..384bb8b53 100644 --- a/server/routers/resource/createResource.ts +++ b/server/routers/resource/createResource.ts @@ -223,6 +223,20 @@ async function createHttpResource( ); } + // Prevent creating resource with same domain as dashboard + const dashboardUrl = process.env.DASHBOARD_URL; + if (dashboardUrl) { + const dashboardHost = new URL(dashboardUrl).hostname; + if (fullDomain === dashboardHost) { + return next( + createHttpError( + HttpCode.CONFLICT, + "Resource domain cannot be the same as the dashboard domain" + ) + ); + } + } + if (build != "oss") { const existingLoginPages = await db .select() diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts index 42e2849f6..becad5d2c 100644 --- a/server/routers/resource/updateResource.ts +++ b/server/routers/resource/updateResource.ts @@ -353,6 +353,20 @@ async function updateHttpResource( ); } + // Prevent updating resource with same domain as dashboard + const dashboardUrl = process.env.DASHBOARD_URL; + if (dashboardUrl) { + const dashboardHost = new URL(dashboardUrl).hostname; + if (fullDomain === dashboardHost) { + return next( + createHttpError( + HttpCode.CONFLICT, + "Resource domain cannot be the same as the dashboard domain" + ) + ); + } + } + if (build != "oss") { const existingLoginPages = await db .select() diff --git a/src/app/[orgId]/settings/resources/proxy/create/page.tsx b/src/app/[orgId]/settings/resources/proxy/create/page.tsx index ff51a311b..127917555 100644 --- a/src/app/[orgId]/settings/resources/proxy/create/page.tsx +++ b/src/app/[orgId]/settings/resources/proxy/create/page.tsx @@ -559,7 +559,7 @@ export default function Page() { toast({ variant: "destructive", title: t("resourceErrorCreate"), - description: t("resourceErrorCreateMessageDescription") + description: formatAxiosError(e, t("resourceErrorCreateMessageDescription")) }); } From 4cfcc64481f0b6c0c2f880ac41899661aa54a8b0 Mon Sep 17 00:00:00 2001 From: Fizza-Mukhtar Date: Thu, 5 Mar 2026 01:07:30 -0800 Subject: [PATCH 2/2] fix: use config instead of process.env for dashboard URL check --- server/routers/resource/createResource.ts | 2 +- server/routers/resource/updateResource.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts index 384bb8b53..e07880ac2 100644 --- a/server/routers/resource/createResource.ts +++ b/server/routers/resource/createResource.ts @@ -224,7 +224,7 @@ async function createHttpResource( } // Prevent creating resource with same domain as dashboard - const dashboardUrl = process.env.DASHBOARD_URL; + const dashboardUrl = config.getRawConfig().app.dashboard_url; if (dashboardUrl) { const dashboardHost = new URL(dashboardUrl).hostname; if (fullDomain === dashboardHost) { diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts index becad5d2c..01f3e79ff 100644 --- a/server/routers/resource/updateResource.ts +++ b/server/routers/resource/updateResource.ts @@ -354,7 +354,7 @@ async function updateHttpResource( } // Prevent updating resource with same domain as dashboard - const dashboardUrl = process.env.DASHBOARD_URL; + const dashboardUrl = config.getRawConfig().app.dashboard_url; if (dashboardUrl) { const dashboardHost = new URL(dashboardUrl).hostname; if (fullDomain === dashboardHost) {