From 80e2d2ea997f5e4e58905370dc7a6fd242de8fe4 Mon Sep 17 00:00:00 2001
From: Vincent Giersch <vincent@giersch.fr>
Date: Wed, 2 Nov 2022 17:23:03 +0100
Subject: [PATCH] fix(amazon2): Incomplete URL substring sanitization

---
 lib/amazon2.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/amazon2.js b/lib/amazon2.js
index f9387f8..56ea33e 100644
--- a/lib/amazon2.js
+++ b/lib/amazon2.js
@@ -159,7 +159,7 @@ module.exports.validatePurchase = function (dSecret, receipt, cb) {
 };
 
 function _isSandbox(path) {
-    return !path.startsWith(VALIDATION_HOST);
+    return !path.startsWith(`${VALIDATION_HOST}/`);
 }
 
 module.exports.getPurchaseData = function (purchase, options) {