fix(core): Do not use url.includes to check for domain names (#13802)

2025-12-17 01:56:46 +00:00 · 2025-03-19 12:29:00 +01:00
parent 9d698edceb
commit d3bc80c22b
6 changed files with 13 additions and 11 deletions
--- a/packages/nodes-base/credentials/CustomerIoApi.credentials.ts
+++ b/packages/nodes-base/credentials/CustomerIoApi.credentials.ts
@@ -64,14 +64,14 @@ export class CustomerIoApi implements ICredentialType {
 		requestOptions: IHttpRequestOptions,
 	): Promise<IHttpRequestOptions> {
 		// @ts-ignore
-		const url = requestOptions.url ? requestOptions.url : requestOptions.uri;
-		if (url.includes('track') || url.includes('api.customer.io')) {
+		const url = new URL(requestOptions.url ? requestOptions.url : requestOptions.uri);
+		if (url.hostname === 'track.customer.io' || url.hostname === 'api.customer.io') {
 			const basicAuthKey = Buffer.from(
 				`${credentials.trackingSiteId}:${credentials.trackingApiKey}`,
 			).toString('base64');
 			// @ts-ignore
 			Object.assign(requestOptions.headers, { Authorization: `Basic ${basicAuthKey}` });
-		} else if (url.includes('beta-api.customer.io')) {
+		} else if (url.hostname === 'beta-api.customer.io') {
 			// @ts-ignore
 			Object.assign(requestOptions.headers, {
 				Authorization: `Bearer ${credentials.appApiKey as string}`,