[CSA-28] Use path normalization in API requests (#4580)

* Use path normalization in API requests * Remove CLI webpack config change that's unneeded * Add additional tests
2025-12-13 06:43:35 +00:00 · 2023-02-03 14:24:49 -05:00
parent ff143760d4
commit 6df37dd715
5 changed files with 34 additions and 6 deletions
--- a/libs/common/src/services/api.service.ts
+++ b/libs/common/src/services/api.service.ts
@@ -1962,11 +1962,8 @@ export class ApiService implements ApiServiceAbstraction {
  ): Promise<any> {
    apiUrl = Utils.isNullOrWhitespace(apiUrl) ? this.environmentService.getApiUrl() : apiUrl;

-    const requestUrl = apiUrl + path;
    // Prevent directory traversal from malicious paths
-    if (new URL(requestUrl).href !== requestUrl) {
-      return Promise.reject("Invalid request url path.");
-    }
+    const requestUrl = apiUrl + Utils.normalizePath(path);

    const headers = new Headers({
      "Device-Type": this.deviceType,