From acc059c0aa552d5f993df002cc630d40de763e71 Mon Sep 17 00:00:00 2001
From: 0xsysr3ll <0xsysr3ll@pm.me>
Date: Fri, 18 Apr 2025 01:13:52 +0200
Subject: [PATCH] fix: previous SSRF broke PIN verification

---
 server/api/plextv.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server/api/plextv.ts b/server/api/plextv.ts
index 0892f1d40..8d61e51e2 100644
--- a/server/api/plextv.ts
+++ b/server/api/plextv.ts
@@ -377,11 +377,14 @@ class PlexTvAPI extends ExternalAPI {
     profileId: string,
     pin: string
   ): Promise<boolean> {
+    const urlPath = `/api/v2/home/users/${profileId}/switch`;
+
     try {
       const response = await axios.post(
-        `https://clients.plex.tv/api/v2/home/users/${profileId}/switch`,
+        urlPath,
         { pin },
         {
+          baseURL: 'https://clients.plex.tv',
           headers: {
             Accept: 'application/json',
             'Content-Type': 'application/json',