fix: host check

RohitKushvaha01 · RohitKushvaha01 · commit e5c9527d92f8 · 2026-04-19T09:41:58.000+05:30
diff --git a/src/plugins/auth/src/android/PluginRetriever.java b/src/plugins/auth/src/android/PluginRetriever.java
@@ -41,10 +41,13 @@ public static void downloadPlugin(String token, String pluginUrl, String destFil
             connection.setReadTimeout(30000);
 
             if (token != null && !token.isEmpty()) {
-                if (url.getHost().endsWith("acode.app")) {
+                String host = url.getHost();
+
+                if (host != null &&
+                    (host.equals("acode.app") || host.endsWith(".acode.app"))) {
                     connection.setRequestProperty("x-auth-token", token);
-                } else {
-                    Log.w(TAG, "Not adding auth token for untrusted URL: " + pluginUrl);
+                }else {
+                    Log.w(TAG, "Not adding auth token for untrusted URL: " + url);
                 }
             }
 
@@ -94,9 +97,12 @@ public static JSONArray fetchJsonArray(String urlString, String token) {
             conn.setReadTimeout(5000);
 
             if (token != null && !token.isEmpty()) {
-                if (url.getHost().endsWith("acode.app")) {
+               String host = url.getHost();
+
+                if (host != null &&
+                    (host.equals("acode.app") || host.endsWith(".acode.app"))) {
                     conn.setRequestProperty("x-auth-token", token);
-                } else {
+                }else {
                     Log.w(TAG, "Not adding auth token for untrusted URL: " + url);
                 }
             }
