wevm
Frame request input validation
Describe the bug
Hey Frog team, I am making a bug report on behalf of @artlu99, it seems that there is a lack of input validation for requests - we cannot figure out why this request body doesn't work on the frame url https://private-frame.artlu.xyz/api, for our client far.quest/cast.
// Here is all we are doing on `build.far.quest/v1/fetch-frame`:
const { proxyUrl, untrustedData, trustedData, action } = req.body;
const response = await axios.post(proxyUrl, {
untrustedData,
trustedData,
});
The frog server returns a 500 - I assume it should validate the input, and return a 400 for bad input, rather than an internal error.
His frog server on vercel show this error: TypeError: Invalid URL at new URL (node:internal) (the repo is here).
Would be helpful if there was some input validation for a frog frame server, thank you!
Link to Minimal Reproducible Example
https://github.com/artlu99/private-frame-artlu-xyz
Steps To Reproduce
Enter: https://private-frame.artlu.xyz/api to this test page: https://far.quest/~/developers/frames
Server:
https://github.com/artlu99/private-frame-artlu-xyz
Frog Version
0.17.4
TypeScript Version
No response
Check existing issues
- [X] I checked there isn't already an issue for the bug I encountered.
Anything else?
No response
I don't think the Invalid URL error is thrown because of validation issue.
Can you please provide full error stacktrace? To know where exactly it threw it.
Also appreciate the repo but I could not reproduce it locally.