Fix (code-review): öffentliche Basis-URL aus X-Forwarded-* bzw. PUBLIC_BASE_URL statt request-origin (localhost hinter Proxy) — korrekte Return-/Webhook-/Erfolgs-URLs für Mollie+Demo

2026-06-17 16:42:57 +00:00
parent e5514dd5da
commit 67b2fb78b7
+11 -1
@@ -8,6 +8,16 @@ export const prerender = false;
function json(obj, status = 200) { return new Response(JSON.stringify(obj), { status, headers: { 'Content-Type': 'application/json' } }); } function json(obj, status = 200) { return new Response(JSON.stringify(obj), { status, headers: { 'Content-Type': 'application/json' } }); }
function publicBase(request) {
const env = (process.env.PUBLIC_BASE_URL || '').trim().replace(/\/$/, '');
if (env) return env;
const proto = request.headers.get('x-forwarded-proto') || 'https';
const host = request.headers.get('x-forwarded-host') || request.headers.get('host');
if (host) return `${proto}://${host}`;
try { return new URL(request.url).origin; } catch { return ''; }
}
export async function POST({ request }) { export async function POST({ request }) {
let body; let body;
try { body = await request.json(); } catch { return json({ error: 'Bad request' }, 400); } try { body = await request.json(); } catch { return json({ error: 'Bad request' }, 400); }
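Review bot: In publicBase the fallback path (lines after the PUBLIC_BASE_URL check) builds the origin from X-Forwarded-Proto, X-Forwarded-Host and Host exactly as the request supplies them, so whenever PUBLIC_BASE_URL is unset, a client that reaches the app directly, or sits behind a proxy that passes client-supplied X-Forwarded-* through unchanged, chooses the origin that ends up in returnUrl and, if the commit title's webhook URL is derived the same way, in the callback URL handed to the payment provider. Only honor those headers when the host is one the deployment actually serves, for example `const host = (request.headers.get('x-forwarded-host') || request.headers.get('host') || '').split(',')[0].trim();` followed by `if (host && ALLOWED_HOSTS.has(host)) return \`${proto}://${host}\`;` with `ALLOWED_HOSTS` (placeholder name) populated from configuration; the `.split(',')[0]` also handles the comma-joined value multiple proxies produce. The `'https'` default for proto is applied even for plain-http requests, which is fine for production but should be stated in a comment, e.g. `// Forwarded headers are only meaningful behind the production proxy; PUBLIC_BASE_URL is the authoritative value.` The rest of POST's body lies outside this hunk.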
@@ -83,7 +93,7 @@ export async function POST({ request }) {
redeemDiscount(discount.id, discount.code, email, order.id, discount.freeShipping ? 0 : discountCents); redeemDiscount(discount.id, discount.code, email, order.id, discount.freeShipping ? 0 : discountCents);
} }
const origin = new URL(request.url).origin; const origin = publicBase(request);
const returnUrl = `${origin}/bestellung-erfolgreich?order=${order.number}`; const returnUrl = `${origin}/bestellung-erfolgreich?order=${order.number}`;
const pay = await createPayment({ const pay = await createPayment({
order, items: lineItems, lineItems, totalCents: total, shippingCents, order, items: lineItems, lineItems, totalCents: total, shippingCents,