From 9361acb78edbaeb76a6514c1f88dcccc719eea21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez?= <7822554+AlexTMjugador@users.noreply.github.com>
Date: Thu, 11 Sep 2025 01:38:27 +0200
Subject: [PATCH] fix(labrinth): proper page view ingest URL origin filtering (#4344)

---
 apps/labrinth/src/routes/analytics.rs | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/apps/labrinth/src/routes/analytics.rs b/apps/labrinth/src/routes/analytics.rs
index 5f4fd5a5..2bdd5ffa 100644
--- a/apps/labrinth/src/routes/analytics.rs
+++ b/apps/labrinth/src/routes/analytics.rs
@@ -69,17 +69,18 @@ pub async fn page_view_ingest(
 let url = Url::parse(&url_input.url).map_err(|_| {
 ApiError::InvalidInput("invalid page view URL specified!".to_string())
 })?;
-
 let domain = url.host_str().ok_or_else(|| {
 ApiError::InvalidInput("invalid page view URL specified!".to_string())
 })?;
+ let url_origin = url.origin().ascii_serialization();
 
- let allowed_origins =
- parse_strings_from_var("CORS_ALLOWED_ORIGINS").unwrap_or_default();
- if !(domain.ends_with(".modrinth.com")
- || domain == "modrinth.com"
- || allowed_origins.contains(&"*".to_string()))
- {
+ let is_valid_url_origin =
+ parse_strings_from_var("ANALYTICS_ALLOWED_ORIGINS")
+ .unwrap_or_default()
+ .iter()
+ .any(|origin| origin == "*" || url_origin == *origin);
+
+ if !is_valid_url_origin {
 return Err(ApiError::InvalidInput(
 "invalid page view URL specified!".to_string(),
 ));
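Review bot: The new allow-list check on the `is_valid_url_origin` lines fails closed without saying so: `parse_strings_from_var("ANALYTICS_ALLOWED_ORIGINS").unwrap_or_default()` turns an unset or unparseable variable into an empty list, so every page view is rejected with the same "invalid page view URL specified!" error that a malformed request gets. The diffstat shows only this file changed, so the new variable does not appear to be validated at startup in this commit; checking it once at boot, or logging when the parsed list is empty, would stop a deployment that still sets only `CORS_ALLOWED_ORIGINS` from silently dropping all analytics. The comparison is also an exact string match against `url.origin().ascii_serialization()`, so entries have to be full origins with no trailing slash or path, and subdomains that the removed `.modrinth.com` suffix test accepted must now be listed one by one; a comment above the `let` such as `// Entries are full origins, e.g. "https://modrinth.com"; "*" disables the filter.` would record that. The body of `page_view_ingest` starts and ends outside the hunk.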