MCPcopy
hub / github.com/webpack/webpack-dev-server / isValidHost

Method isValidHost

lib/Server.js:3194–3238  ·  view source on GitHub ↗

* @private * @param {{ [key: string]: string | undefined }} headers headers * @param {string} headerToCheck header to check * @param {boolean} validateHost need to validate host * @returns {boolean} true when host is valid, otherwise false

(headers, headerToCheck, validateHost = true)

Source from the content-addressed store, hash-verified

3192 * @returns {boolean} true when host is valid, otherwise false
3193 */
3194 isValidHost(headers, headerToCheck, validateHost = true) {
3195 if (this.options.allowedHosts === "all") {
3196 return true;
3197 }
3198
3199 // get the Host header and extract hostname
3200 // we don't care about port not matching
3201 const header = headers[headerToCheck];
3202
3203 if (!header) {
3204 return false;
3205 }
3206
3207 if (DEFAULT_ALLOWED_PROTOCOLS.test(header)) {
3208 return true;
3209 }
3210
3211 const hostname = this.#parseHostnameFromHeader(header);
3212
3213 if (hostname === null) {
3214 return false;
3215 }
3216
3217 if (this.isHostAllowed(hostname)) {
3218 return true;
3219 }
3220
3221 // always allow requests with explicit IPv4 or IPv6-address.
3222 // A note on IPv6 addresses:
3223 // header will always contain the brackets denoting
3224 // an IPv6-address in URLs,
3225 // these aren't removed from the hostname in new URL(),
3226 // For convenience, always allow localhost (hostname === 'localhost')
3227 // and its subdomains (hostname.endsWith(".localhost")).
3228 // allow hostname of listening address (hostname === this.options.host)
3229 const isValidHostname = validateHost
3230 ? ipaddr.IPv4.isValid(hostname) ||
3231 ipaddr.IPv6.isValid(hostname) ||
3232 hostname === "localhost" ||
3233 hostname.endsWith(".localhost") ||
3234 hostname === this.options.host
3235 : false;
3236
3237 return isValidHostname;
3238 }
3239
3240 /**
3241 * @private

Callers 4

setupMiddlewaresMethod · 0.95
createWebSocketServerMethod · 0.95
api.test.jsFile · 0.80

Calls 1

isHostAllowedMethod · 0.95

Tested by

no test coverage detected