MCPcopy Index your code
hub / github.com/webpack/webpack-dev-server / isHostAllowed

Method isHostAllowed

lib/Server.js:3064–3111  ·  view source on GitHub ↗

* @private * @param {string} value value * @returns {boolean} true when host allowed, otherwise false

(value)

Source from the content-addressed store, hash-verified

3062 * @returns {boolean} true when host allowed, otherwise false
3063 */
3064 isHostAllowed(value) {
3065 const { allowedHosts } = this.options;
3066
3067 // allow user to opt out of this security check, at their own risk
3068 // by explicitly enabling allowedHosts
3069 if (allowedHosts === "all") {
3070 return true;
3071 }
3072
3073 // always allow localhost host, for convenience
3074 // allow if value is in allowedHosts
3075 if (Array.isArray(allowedHosts) && allowedHosts.length > 0) {
3076 for (const allowedHost of allowedHosts) {
3077 if (allowedHost === value) {
3078 return true;
3079 }
3080
3081 // support "." as a subdomain wildcard
3082 // e.g. ".example.com" will allow "example.com", "www.example.com", "subdomain.example.com", etc
3083 if (
3084 allowedHost.startsWith(".") && // "example.com" (value === allowedHost.substring(1))
3085 // "*.example.com" (value.endsWith(allowedHost))
3086 (value === allowedHost.slice(1) ||
3087 /** @type {string} */
3088 (value).endsWith(allowedHost))
3089 ) {
3090 return true;
3091 }
3092 }
3093 }
3094
3095 // Also allow if `client.webSocketURL.hostname` provided
3096 if (
3097 this.options.client &&
3098 typeof (
3099 /** @type {ClientConfiguration} */
3100 (this.options.client).webSocketURL
3101 ) !== "undefined"
3102 ) {
3103 return (
3104 /** @type {WebSocketURL} */
3105 (/** @type {ClientConfiguration} */ (this.options.client).webSocketURL)
3106 .hostname === value
3107 );
3108 }
3109
3110 return false;
3111 }
3112
3113 /**
3114 * Extracts and normalizes the hostname from a header, removing brackets for IPv6.

Callers 2

isValidHostMethod · 0.95
isSameOriginMethod · 0.95

Calls

no outgoing calls

Tested by

no test coverage detected