Trusted hosts

[Blacksmoke16]

Context

Many different kinds of attacks have been discovered relying on inconsistencies in handling the Host header by various software. This PR provides a simple way to guard against these types of attacks by allowing users to whitelist the hostnames they wish to handle requests from.

When configured, any request with a hostname that doesn't match at least one of the provided regexes, will return a 400 response.

Changelog

• Add a new trusted_hosts bundle schema property to allow setting trusted hosts

---

Before merging, remember to add the athena-framework/athena prefix to the PR number in the PR title

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

Flag	Coverage Δ
compiled	8.17% <15.38%> (+0.01%)	⬆️
unit	92.69% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
clock	98.18% <ø> (ø)
console	92.61% <ø> (ø)
dependency_injection	64.28% <ø> (ø)
dotenv	96.80% <ø> (ø)
event_dispatcher	82.75% <ø> (ø)
framework	93.95% <100.00%> (+0.03%)	⬆️
image_size	95.03% <ø> (ø)
mercure	93.37% <ø> (ø)
negotiation	97.69% <ø> (ø)
routing	92.96% <ø> (ø)
serializer	87.23% <ø> (ø)
spec	93.54% <ø> (ø)
validator	92.37% <ø> (ø)

📢 Thoughts on this report? Let us know!