d8dfun/claudecodeui
1
0
Fork 0
mirror of https://github.com/siteboon/claudecodeui.git synced 2026-06-26 05:15:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(voice): validate config and request boundaries

Browse Source 
Malformed stored settings could break voice requests instead of using safe defaults.

Health results could outlive auth changes. URL checks also did not guard the fetch sink.

Remove constant recorder branches so lifecycle cancellation stays clear.
This commit is contained in:
Haileyesus
2026-06-25 16:52:54 +03:00
parent af16d8ebdc
commit 43c0cca96e
4 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/voice-proxy.js
View File

@@ -56,10 +56,14 @@ const VOICE_TIMEOUT_MS = Number.isFinite(_parsedTimeout) && _parsedTimeout > 0
* @returns {Promise<Response>}
*/
async function fetchWithTimeout(url, options = {}) {
const parsed = new URL(url);
if (!['http:', 'https:'].includes(parsed.protocol) || !isAllowedBackendUrl(parsed.origin)) {
throw new Error('Blocked outbound voice backend URL');
}
const controller = new AbortController();
const timer = setTimeout(() => controller.abort(), VOICE_TIMEOUT_MS);
try {
return await fetch(url, { redirect: 'manual', ...options, signal: controller.signal });
return await fetch(parsed.toString(), { redirect: 'manual', ...options, signal: controller.signal });
} finally {
clearTimeout(timer);
}