fix: validate Host/Origin headers in magic proxy and InspectorProxyWorker #4550
🦋 Changeset detected
Latest commit: e349ba8
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 3 packages
A wrangler prerelease is available for testing. You can install this latest build in your project with:
npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-wrangler-4550
You can reference the automatically updated head of this PR with:
npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/7104924584/npm-package-wrangler-4550
Or you can use npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-wrangler-4550 dev path/to/script.js
Additional artifacts:
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-miniflare-4550
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-cloudflare-pages-shared-4550
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/7104924584/npm-package-create-cloudflare-4550
Note that these links will no longer work once the GitHub Actions artifact expires.
Please ensure constraints are pinned, and
7dc6766 to 71eed02
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## main #4550 +/- ##
==========================================
+ Coverage 75.44% 75.46% +0.01%
==========================================
Files 240 240
Lines 12854 12855 +1
Branches 3312 3313 +1
==========================================
+ Hits 9698 9701 +3
+ Misses 3156 3154 -2
Is this not possible to write automated tests for?
71eed02 to ad457f1
ad457f1 to e349ba8
What this PR solves / how to test:
Host and Origin headers are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail. To test this, host DevTools on a different networked computer, and try to connect to the local wrangler dev server from that. The request should fail. Connecting from the hosted devtools and local devtools should succeed. Miniflare's test suite should succeed too.
Author has addressed the following:
Note for PR author:
We want to celebrate and highlight awesome PR review! If you think this PR received a particularly high-caliber review, please assign it the label highlight pr review so future reviewers can take inspiration and learn from it.
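One way to express the Host and Origin check described in the PR description above, as an added example that is not code from this PR or from wrangler/Miniflare. The allow-list entries, the function names, and the choice to accept requests that carry no Origin header are assumptions made for illustration.

```javascript
// Added example. Allow-list values are constructed for illustration and are
// not the lists used by wrangler or Miniflare.
const ALLOWED_HOSTNAMES = new Set(["localhost", "127.0.0.1", "[::1]"]);
const ALLOWED_ORIGINS = new Set(["https://devtools.example"]); // hypothetical hosted DevTools

// Extract the lower-cased hostname from a Host header value such as
// "localhost:9229" or "[::1]:9229". Returns null for anything malformed.
function hostnameFromHostHeader(value) {
  if (typeof value !== "string" || value === "") return null;
  try {
    const url = new URL(`http://${value}`);
    // A Host header carries only host[:port]; reject userinfo, path, or query.
    if (url.username || url.password || url.pathname !== "/" || url.search) return null;
    return url.hostname;
  } catch {
    return null;
  }
}

// An Origin is acceptable if it is explicitly listed or is itself a local origin.
function isAllowedOrigin(origin) {
  if (ALLOWED_ORIGINS.has(origin)) return true;
  try {
    const url = new URL(origin);
    const isHttp = url.protocol === "http:" || url.protocol === "https:";
    return isHttp && ALLOWED_HOSTNAMES.has(url.hostname);
  } catch {
    return false; // also covers the opaque origin "null"
  }
}

// headers: object with lower-cased header names, as Node's http module provides.
function validateRequest(headers) {
  const hostname = hostnameFromHostHeader(headers.host);
  if (hostname === null || !ALLOWED_HOSTNAMES.has(hostname)) {
    return { ok: false, reason: "host" };
  }
  // Assumption: a request without Origin comes from a non-browser client
  // (browsers attach Origin to WebSocket handshakes), so only Host applies.
  if (headers.origin !== undefined && !isAllowedOrigin(headers.origin)) {
    return { ok: false, reason: "origin" };
  }
  return { ok: true, reason: null };
}
```

The Host check runs first, so a request addressed to the machine's LAN address is refused regardless of which page opened it, which matches the manual test in the description.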