Infrastructure/astro
0
Fork 0
mirror of https://github.com/withastro/astro.git synced 2025-02-17 22:44:24 -05:00
Code Issues Activity

fix: don't include port twice from x-forwarded-host and x-forwarded-port headers (#10917)

Browse source 
* fix: don't include port twice from x-forwarded-host and x-forwarded-port headers

* add changeset

* add test for port both in forwarded host and forwarded port

* don't include port if undefined

* Update .changeset/forty-wolves-turn.md

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>

---------

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
This commit is contained in:
Jakob Hellermann 2024-05-03 21:01:25 +02:00 committed by GitHub
parent 2dcbcdb857
commit 3412535be4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 31 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.changeset/forty-wolves-turn.md Normal file
View file

@ -0,0 +1,5 @@
---
"astro": patch
---
Fixes a case where the local server would crash when the host also contained the port, eg. with `X-Forwarded-Host: hostname:8080` and `X-Forwarded-Port: 8080` headers

7
packages/astro/src/core/app/node.ts
View file

@ -66,7 +66,12 @@ export class NodeApp extends App {
const hostname = const hostname =
req.headers['x-forwarded-host'] ?? req.headers.host ?? req.headers[':authority']; req.headers['x-forwarded-host'] ?? req.headers.host ?? req.headers[':authority'];
const port = req.headers['x-forwarded-port']; const port = req.headers['x-forwarded-port'];
const url = `${protocol}://${hostname}${port ? `:${port}` : ''}${req.url}`;
const portInHostname =
typeof hostname === 'string' && typeof port === 'string' && hostname.endsWith(port);
const hostnamePort = portInHostname ? hostname : hostname + (port ? `:${port}` : '');
const url = `${protocol}://${hostnamePort}${req.url}`;
const options: RequestInit = { const options: RequestInit = {
method: req.method || 'GET', method: req.method || 'GET',
headers: makeRequestHeaders(req), headers: makeRequestHeaders(req),

20
packages/integrations/node/test/url.test.js
View file

@ -92,4 +92,24 @@ describe('URL', () => {
assert.equal($('body').text(), 'https://abc.xyz:444/'); assert.equal($('body').text(), 'https://abc.xyz:444/');
}); });
it('accepts port in forwarded host and forwarded port', async () => {
const { handler } = await import('./fixtures/url/dist/server/entry.mjs');
let { req, res, text } = createRequestAndResponse({
headers: {
'X-Forwarded-Proto': 'https',
'X-Forwarded-Host': 'abc.xyz:444',
'X-Forwarded-Port': '444',
},
url: '/',
});
handler(req, res);
req.send();
const html = await text();
const $ = cheerio.load(html);
assert.equal($('body').text(), 'https://abc.xyz:444/');
});
}); });