From 22a910e8186f884cc3a2e44837090ca7da116642 Mon Sep 17 00:00:00 2001
From: Mike Cao <moocao@gmail.com>
Date: Tue, 11 Feb 2025 20:36:31 -0800
Subject: [PATCH] Added validation for hostname.

---
 src/app/api/send/route.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/app/api/send/route.ts b/src/app/api/send/route.ts
index cf62d4ad..2d220f38 100644
--- a/src/app/api/send/route.ts
+++ b/src/app/api/send/route.ts
@@ -7,7 +7,7 @@ import { badRequest, json, forbidden, serverError } from '@/lib/response';
 import { fetchSession, fetchWebsite } from '@/lib/load';
 import { getClientInfo, hasBlockedIp } from '@/lib/detect';
 import { secret, uuid, visitSalt } from '@/lib/crypto';
-import { COLLECTION_TYPE } from '@/lib/constants';
+import { COLLECTION_TYPE, DOMAIN_REGEX } from '@/lib/constants';
 import { createSession, saveEvent, saveSessionData } from '@/queries';
 import { urlOrPathParam } from '@/lib/schema';
 
@@ -16,7 +16,7 @@ const schema = z.object({
   payload: z.object({
     website: z.string().uuid(),
     data: z.object({}).passthrough().optional(),
-    hostname: z.string().max(100).optional(),
+    hostname: z.string().regex(DOMAIN_REGEX).max(100).optional(),
     language: z.string().max(35).optional(),
     referrer: urlOrPathParam.optional(),
     screen: z.string().max(11).optional(),