@@ -3302,6 +3302,7 @@ message HealthCheckResponse {
33023302 this .monitor .url = " wss://"
33033303 this .monitor .accepted_statuscodes = [" 1000"
33043304 }
3305+
33053306 if (this .monitor .type === " push"
33063307 if (! this .monitor .pushToken ) {
33073308 // ideally this would require checking if the generated token is already used
@@ -3653,26 +3654,13 @@ message HealthCheckResponse {
36533654
36543655 // Validate hostname field input for various monitors
36553656 if (
3656- [
3657- " mqtt"
3658- " dns"
3659- " port"
3660- " ping"
3661- " steam"
3662- " gamedig"
3663- " radius"
3664- " tailscale-ping"
3665- " smtp"
3666- " snmp"
3667- ].includes (this .monitor .type ) &&
3657+ [" dns" " port" " ping" " steam" " gamedig" " radius" " tailscale-ping" " smtp" " snmp" includes (
3658+ this .monitor .type
3659+ ) &&
36683660 this .monitor .hostname
36693661 ) {
36703662 let hostname = this .monitor .hostname .trim ();
36713663
3672- if (this .monitor .type === " mqtt"
3673- hostname = hostname .replace (/ ^ (mqtt| ws)s? :\/\/ / " "
3674- }
3675-
36763664 if (this .monitor .type === " dns" && isIP (hostname)) {
36773665 toast .error (this .$t (" hostnameCannotBeIP"
36783666 return false ;
@@ -3699,30 +3687,42 @@ message HealthCheckResponse {
36993687 }
37003688 }
37013689
3702- // Validate URL field input for various monitors
3703- if (
3704- [" http" " keyword" " json-query" " websocket-upgrade" " real-browser" includes (this .monitor .type ) &&
3705- this .monitor .url
3706- ) {
3690+ // monitor type : url protocol restrictions
3691+ // null is no restriction, as long as it is able to be parsed by new URL()
3692+ const acceptList = {
3693+ http: [" http:" " https:"
3694+ keyword: [" http:" " https:"
3695+ " json-query" : [" http:" " https:"
3696+ " websocket-upgrade" : [" ws:" " wss:"
3697+ " real-browser" : null ,
3698+ mqtt: [" mqtt:" " ws:" " wss:"
3699+ };
3700+
3701+ if (this .monitor .type in acceptList) {
3702+ const allowedProtocols = acceptList[this .monitor .type ];
3703+
37073704 try {
3708- const url = new URL (this .monitor .url );
3709- // Browser can encode *.hostname.com to %2A.hostname.com
3710- if (url .hostname .includes (" *" || url .hostname .includes (" %2A"
3711- toast .error (this .$t (" wildcardOnlyForDNS"
3705+ let url;
3706+
3707+ // Special handling for MQTT, because it was wrongly used hostname field to store the URL.
3708+ if (this .monitor .type === " mqtt"
3709+ url = new URL (this .monitor .hostname );
3710+ } else {
3711+ url = new URL (this .monitor .url );
3712+ }
3713+
3714+ if (allowedProtocols && ! allowedProtocols .includes (url .protocol )) {
3715+ console .log (url);
3716+ toast .error (this .$t (" invalidURL"
37123717 return false ;
37133718 }
3714- if (
3715- ! isFQDN (url .hostname , {
3716- require_tld: false ,
3717- allow_underscores: true ,
3718- allow_trailing_dot: true ,
3719- }) &&
3720- ! isIP (url .hostname )
3721- ) {
3722- toast .error (this .$t (" invalidHostnameOrIP"
3719+
3720+ // No empty hostname (mainly for non-http/ws URLs)
3721+ if (! url .host ) {
3722+ toast .error (this .$t (" invalidURL"
37233723 return false ;
37243724 }
3725- } catch (err ) {
3725+ } catch (e ) {
37263726 toast .error (this .$t (" invalidURL"
37273727 return false ;
37283728 }
0 commit comments