PS-2450 EC-1073 Do not decode and normalize query (#4708)
Co-authored-by: Jake Fink <jfink@bitwarden.com>
This commit is contained in:
parent
6a7a7299c2
commit
13746c1840
|
@ -1991,7 +1991,9 @@ export class ApiService implements ApiServiceAbstraction {
|
||||||
apiUrl = Utils.isNullOrWhitespace(apiUrl) ? this.environmentService.getApiUrl() : apiUrl;
|
apiUrl = Utils.isNullOrWhitespace(apiUrl) ? this.environmentService.getApiUrl() : apiUrl;
|
||||||
|
|
||||||
// Prevent directory traversal from malicious paths
|
// Prevent directory traversal from malicious paths
|
||||||
const requestUrl = apiUrl + Utils.normalizePath(path);
|
const pathParts = path.split("?");
|
||||||
|
const requestUrl =
|
||||||
|
apiUrl + Utils.normalizePath(pathParts[0]) + (pathParts.length > 1 ? `?${pathParts[1]}` : "");
|
||||||
|
|
||||||
const headers = new Headers({
|
const headers = new Headers({
|
||||||
"Device-Type": this.deviceType,
|
"Device-Type": this.deviceType,
|
||||||
|
|
Loading…
Reference in New Issue