een-api-toolkit 0.3.67 → 0.3.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/CHANGELOG.md +52 -107
  2. package/README.md +2 -0
  3. package/dist/index.cjs +3 -3
  4. package/dist/index.cjs.map +1 -1
  5. package/dist/index.js +9 -0
  6. package/dist/index.js.map +1 -1
  7. package/docs/AI-CONTEXT.md +1 -1
  8. package/docs/ai-reference/AI-AUTH.md +1 -1
  9. package/docs/ai-reference/AI-AUTOMATIONS.md +1 -1
  10. package/docs/ai-reference/AI-DEVICES.md +1 -1
  11. package/docs/ai-reference/AI-EVENT-DATA-SCHEMAS.md +1 -1
  12. package/docs/ai-reference/AI-EVENTS.md +1 -1
  13. package/docs/ai-reference/AI-GROUPING.md +1 -1
  14. package/docs/ai-reference/AI-JOBS.md +1 -1
  15. package/docs/ai-reference/AI-MEDIA.md +1 -1
  16. package/docs/ai-reference/AI-SETUP.md +1 -1
  17. package/docs/ai-reference/AI-USERS.md +1 -1
  18. package/package.json +5 -5
package/dist/index.js CHANGED
@@ -992,6 +992,15 @@ async function ct() {
992
992
  return i("API_ERROR", "No session URL returned from media session endpoint");
993
993
  const t = n.data.url;
994
994
  s("Calling session URL to set cookie:", t);
995
+ try {
996
+ const o = new URL(t);
997
+ if (![".eagleeyenetworks.com", ".een.cloud"].some(
998
+ (h) => o.hostname === h.substring(1) || o.hostname.endsWith(h)
999
+ ))
1000
+ return i("VALIDATION_ERROR", `Session URL domain not allowed: ${o.hostname}`);
1001
+ } catch {
1002
+ return i("VALIDATION_ERROR", "Invalid session URL format");
1003
+ }
995
1004
  const { controller: r, timeoutId: a } = w();
996
1005
  try {
997
1006
  const o = await fetch(t, {