From 8fccd323a8d2ec3116ab09a5bfc98ecf2330171c Mon Sep 17 00:00:00 2001
From: claude-code-best <claude-code-best@proton.me>
Date: Sun, 10 May 2026 11:40:27 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=84=B1=E6=95=8F=20probe-subscription-?=
 =?UTF-8?q?endpoints=20=E6=97=A5=E5=BF=97=E4=B8=AD=E7=9A=84=20API=20base?=
 =?UTF-8?q?=20URL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

使用 URL.origin 替代完整 URL，避免明文泄露 OAuth 配置中的敏感路径信息（CodeQL js/clear-text-logging）。

Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
---
 scripts/probe-subscription-endpoints.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/probe-subscription-endpoints.ts b/scripts/probe-subscription-endpoints.ts
index ed3bd6d24..cfab5277d 100644
--- a/scripts/probe-subscription-endpoints.ts
+++ b/scripts/probe-subscription-endpoints.ts
@@ -117,7 +117,8 @@ async function main(): Promise<void> {
   )
   const { accessToken, orgUUID } = await prepareApiRequest()
   const baseUrl = getOauthConfig().BASE_API_URL
-  console.log(`base:    ${baseUrl}`)
+  const { origin: baseOrigin } = new URL(baseUrl)
+  console.log(`base:    ${baseOrigin}`)
   console.log(`orgUUID: ${orgUUID.slice(0, 8)}…\n`)
   console.log(
     '  STATUS PATH                                   BETA HEADER                         RESPONSE PREVIEW',