MCPcopy
hub / github.com/webpack/webpack-dev-server / setupMiddlewares

Method setupMiddlewares

lib/Server.js:1959–2518  ·  view source on GitHub ↗

* @private * @returns {Promise }

()

Source from the content-addressed store, hash-verified

1957 * @returns {Promise<void>}
1958 */
1959 async setupMiddlewares() {
1960 if (this.compiler === undefined) return;
1961 /**
1962 * @type {Middleware[]}
1963 */
1964 let middlewares = [];
1965
1966 // Register setup host header check for security
1967 middlewares.push({
1968 name: "host-header-check",
1969 /**
1970 * @param {Request} req request
1971 * @param {Response} res response
1972 * @param {NextFunction} next next function
1973 * @returns {void}
1974 */
1975 middleware: (req, res, next) => {
1976 const headers =
1977 /** @type {{ [key: string]: string | undefined }} */
1978 (req.headers);
1979 const headerName = headers[":authority"] ? ":authority" : "host";
1980
1981 if (this.isValidHost(headers, headerName)) {
1982 next();
1983 return;
1984 }
1985
1986 res.statusCode = 403;
1987 res.end("Invalid Host header");
1988 },
1989 });
1990
1991 // Register setup cross origin request check for security
1992 middlewares.push({
1993 name: "cross-origin-header-check",
1994 /**
1995 * @param {Request} req request
1996 * @param {Response} res response
1997 * @param {NextFunction} next next function
1998 * @returns {void}
1999 */
2000 middleware: (req, res, next) => {
2001 const headers =
2002 /** @type {{ [key: string]: string | undefined }} */
2003 (req.headers);
2004 const headerName = headers[":authority"] ? ":authority" : "host";
2005
2006 if (this.isValidHost(headers, headerName, false)) {
2007 next();
2008 return;
2009 }
2010
2011 if (
2012 headers["sec-fetch-mode"] === "no-cors" &&
2013 headers["sec-fetch-site"] === "cross-site"
2014 ) {
2015 res.statusCode = 403;
2016 res.end("Cross-Origin request blocked");

Callers 1

initializeMethod · 0.95

Calls 5

isValidHostMethod · 0.95
#isSameOriginRequestMethod · 0.95
invalidateMethod · 0.95
getMethod · 0.80

Tested by

no test coverage detected