fix: prevent resource creation with dashboard domain to avoid redirect loop

2026-03-09 12:16:36 +00:00 · 2026-03-05 00:39:03 -08:00
parent 483d54a9f0
commit 1a2069a6d9
3 changed files with 29 additions and 1 deletions
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -353,6 +353,20 @@ async function updateHttpResource(
                );
            }

+            // Prevent updating resource with same domain as dashboard
+            const dashboardUrl = process.env.DASHBOARD_URL;
+            if (dashboardUrl) {
+                const dashboardHost = new URL(dashboardUrl).hostname;
+                if (fullDomain === dashboardHost) {
+                    return next(
+                        createHttpError(
+                            HttpCode.CONFLICT,
+                            "Resource domain cannot be the same as the dashboard domain"
+                        )
+                    );
+                }
+            }
+        
            if (build != "oss") {
                const existingLoginPages = await db
                    .select()