From d3c53794cf3a16802ae12bbdcde8c8b2fc264b17 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Wed, 10 Sep 2025 04:52:20 +0530
Subject: [PATCH] Add alert for exactDomain mismatch

---
 server/pkg/middleware/collection_link.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/server/pkg/middleware/collection_link.go b/server/pkg/middleware/collection_link.go
index 31916b90f0..55441d5fd7 100644
--- a/server/pkg/middleware/collection_link.go
+++ b/server/pkg/middleware/collection_link.go
@@ -224,10 +224,18 @@ func (m *CollectionLinkMiddleware) validateOrigin(c *gin.Context, ownerID int64)
 unicodeDomain, _ := idna.ToUnicode(*domain)
 if !strings.Contains(strings.ToLower(parse.Host), strings.ToLower(*domain)) && !strings.Contains(strings.ToLower(parse.Host), strings.ToLower(unicodeDomain)) {
- logger.Warnf("domainMismatch for owner domain %s (unicode %s) vs host %s", *domain, unicodeDomain, parse.Host)
+ logger.Warnf("domainMismatch: domain %s (unicode %s) vs originHost %s", *domain, unicodeDomain, parse.Host)
 m.DiscordController.NotifyPotentialAbuse(alertMessage + " - domainMismatch")
 return ente.NewPermissionDeniedError("unknown custom domain")
 }
+ // Additional exact match check. In the future, remove the contains check above and only keep this exact match check.
+ if !strings.EqualFold(parse.Host, *domain) && !strings.EqualFold(parse.Host, unicodeDomain) {
+ logger.Warnf("exactDomainMismatch: domain %s (unicode %s) vs originHost %s", *domain, unicodeDomain, parse.Host)
+ m.DiscordController.NotifyPotentialAbuse(alertMessage + " - exactDomainMismatch")
+ // Do not return error here till we are fully sure that this won't cause any issues for existing
+ // custom domains.
+ // return ente.NewPermissionDeniedError("unknown custom domain")
+ }
 return nil
 }
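Review bot: The new exact-match check compares `parse.Host`, which from url.Parse still carries any explicit port (`host:port`), against the bare stored domain, so an Origin such as `https://<custom-domain>:8443` passes the contains check but trips the exactDomainMismatch alert and pages the abuse channel for a legitimate owner. Comparing the hostname alone avoids that: `host := parse.Hostname()` followed by `if !strings.EqualFold(host, *domain) && !strings.EqualFold(host, unicodeDomain) {`, with `host` also used in the Warnf so the log shows what was compared. This matters beyond alert noise, because the comment says the exact check will later replace the substring check as the enforcing one, at which point the port mismatch would become a denial rather than a warning. The enclosing validateOrigin body (where parse, domain and alertMessage are set) starts above the hunk, so I cannot confirm whether the host is already normalised there.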