fix: restrict payment return urls to internal result page

2026-04-21 14:10:30 +08:00
parent 62ff2d803f
commit 147ed42ad3
3 changed files with 63 additions and 9 deletions
--- a/backend/internal/service/payment_order.go
+++ b/backend/internal/service/payment_order.go
@@ -350,7 +350,7 @@ func (s *PaymentService) invokeProvider(ctx context.Context, order *dbent.Paymen
 	}
 	subject := s.buildPaymentSubject(plan, limitAmount, cfg)
 	outTradeNo := order.OutTradeNo
-	canonicalReturnURL, err := CanonicalizeReturnURL(req.ReturnURL)
+	canonicalReturnURL, err := CanonicalizeReturnURL(req.ReturnURL, req.SrcHost)
 	if err != nil {
 		return nil, err
 	}