Skip to content

Validate frontend URL scheme in CLI server install#1661

Merged
aliasaria merged 4 commits intomainfrom
fix/cli-frontend-url-validation
Mar 27, 2026
Merged

Validate frontend URL scheme in CLI server install#1661
aliasaria merged 4 commits intomainfrom
fix/cli-frontend-url-validation

Conversation

@aliasaria
Copy link
Copy Markdown
Member

@aliasaria aliasaria commented Mar 27, 2026

Summary

  • _prompt_frontend in tfl server install now validates that the URL starts with http:// or https://
  • Re-prompts the user with an error message if the scheme is missing (e.g. myserver.com:8338)

Test plan

  • All 69 CLI tests pass (cd cli && python -m pytest tests/ -v)
  • Ruff check and format clean
  • Manual: run tfl server install, enter a URL without a scheme, confirm it re-prompts
  • Manual: enter a valid URL with scheme, confirm it proceeds normally

@aliasaria
Validate frontend URL scheme in CLI server install
82aa731 
The _prompt_frontend function accepted any string without checking
for a valid URL scheme. Users typing e.g. "myserver.com:8338" would
get a broken config. Now re-prompts until the URL starts with
http:// or https://.
@paragon-review
Copy link
Copy Markdown

paragon-review bot commented Mar 27, 2026

Paragon Summary

This pull request review analyzed 1 file and found no issues. The review examined code changes, potential bugs, security vulnerabilities, performance issues, and code quality concerns using automated analysis tools.

Paragon did not detect any problems in the current diff. Proceed with merge after your normal checks.

This PR tightens tfl server install input validation so the frontend URL must include http:// or https://, and it re-prompts users when they enter a scheme-less address like myserver.com:8338. This reduces install-time configuration errors and helps ensure the CLI proceeds only with a valid server URL.

Key changes:

  • Added URL scheme validation in tfl server install frontend prompt
  • Rejects URLs missing http:// or https://
  • Re-prompts user with an error message for scheme-less input
  • Preserves normal flow for valid URLs with a scheme

Confidence score: 5/5

  • This PR has low risk with no critical or high-priority issues identified
  • Score reflects clean code review with only minor suggestions or no issues found
  • Code quality checks passed - safe to proceed with merge

1 file reviewed, 0 comments

Tip: @paragon-run <instructions> to chat with our agent or push fixes!

Dashboard

@aliasaria aliasaria merged commit 113b285 into main Mar 27, 2026
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paragon-review paragon-review[bot] paragon-review[bot] left review comments

@dadmobile dadmobile dadmobile approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aliasaria @dadmobile @deep1401