From 0a778d8a6452b446147c13f7e8b2e956a2086970 Mon Sep 17 00:00:00 2001
From: Philip Molares <philip.molares@udo.edu>
Date: Fri, 4 Mar 2022 00:01:12 +0100
Subject: [PATCH] fix: use joi uri validator in appConfig

validate HD_DOMAIN and HD_RENDERER_ORIGIN with the uri validator of Joi. This should prevent the problem described in #2150.

Fixes #2150

See also: https://joi.dev/api/#stringurioptions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
---
 src/config/app.config.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/config/app.config.ts b/src/config/app.config.ts
index 90f7fc1ab..fa940067f 100644
--- a/src/config/app.config.ts
+++ b/src/config/app.config.ts
@@ -17,8 +17,15 @@ export interface AppConfig {
 }
 
 const schema = Joi.object({
-  domain: Joi.string().label('HD_DOMAIN'),
+  domain: Joi.string()
+    .uri({
+      scheme: /https?/,
+    })
+    .label('HD_DOMAIN'),
   rendererOrigin: Joi.string()
+    .uri({
+      scheme: /https?/,
+    })
     .default(Joi.ref('domain'))
     .optional()
     .label('HD_RENDERER_ORIGIN'),