(req: IncomingMessage, clientSocket: Duplex)
| 74 | const DEFAULT_REQUEST_TIMEOUT_MS = 30_000; |
| 75 | |
| 76 | export function rejectUpgradeIfNotLoopback(req: IncomingMessage, clientSocket: Duplex): boolean { |
| 77 | const peerAddress = req.socket?.remoteAddress; |
| 78 | if (peerAddress !== undefined && !isLoopbackAddress(peerAddress)) { |
| 79 | clientSocket.destroy(); |
| 80 | return true; |
| 81 | } |
| 82 | if (!isAllowedWorkspaceHostHeader(req.headers.host)) { |
| 83 | clientSocket.destroy(); |
| 84 | return true; |
| 85 | } |
| 86 | const origin = req.headers.origin; |
| 87 | if (typeof origin === 'string' && !isAllowedApiOrigin(origin)) { |
| 88 | clientSocket.destroy(); |
| 89 | return true; |
| 90 | } |
| 91 | return false; |
| 92 | } |
| 93 | |
| 94 | export function proxyUpgrade( |
| 95 | req: IncomingMessage, |
no test coverage detected