Add localhost as a valid host

Summary: ^

Reviewed By: passy

Differential Revision: D46393661

fbshipit-source-id: eeaa0971a747d6435a10c3eb27969bb452cd73a7
Lorenzo Blasa
2023-06-02 09:35:32 -07:00
committed by Facebook GitHub Bot
parent e8e1a32e48
commit 80c201b10f


@@ -242,12 +242,14 @@ async function startProxyServer(
* @returns Returns the created WS. * @returns Returns the created WS.
*/ */
function addWebsocket(server: http.Server, config: Config) { function addWebsocket(server: http.Server, config: Config) {
const localhost = 'localhost';
const localhostIPV4 = `localhost:${config.port}`; const localhostIPV4 = `localhost:${config.port}`;
const localhostIPV6 = `[::1]:${config.port}`; const localhostIPV6 = `[::1]:${config.port}`;
const localhostIPV6NoBrackets = `::1:${config.port}`; const localhostIPV6NoBrackets = `::1:${config.port}`;
const localhostIPV4Electron = 'localhost:3000'; const localhostIPV4Electron = 'localhost:3000';
const possibleHosts = [ const possibleHosts = [
localhost,
localhostIPV4, localhostIPV4,
localhostIPV6, localhostIPV6,
localhostIPV6NoBrackets, localhostIPV6NoBrackets,
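Review bot: The new port-less `localhost` entry in `possibleHosts` carries no comment saying which client or transport sends a `Host` header without a port, so a later reader cannot tell whether the entry is still needed in this allowlist. Every other entry visible here is tied to a port (`config.port` or the Electron `3000`), and this list is what `req.headers.host` is matched against further down in `addWebsocket`, so each accepted value deserves a one-line rationale, e.g. `// Host header with no port: sent by <client/transport> — keep exact-match only`. The comment added in the second hunk mentions UDS, which is presumably the case this covers, but neither the hunk nor the commit message says so. The array literal and the function body continue outside this hunk.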
@@ -264,12 +266,14 @@ function addWebsocket(server: http.Server, config: Config) {
req.headers.host && req.headers.host &&
possibleHosts.includes(req.headers.host) possibleHosts.includes(req.headers.host)
) { ) {
// no origin header? The request is not originating from a browser, so should be OK to pass through // No origin header? The request is not originating from a browser, so should be OK to pass through
// If origin matches our own address, it means we are serving the page. // If origin matches our own address, it means we are serving the page.
// Need the token or know that is UDS.
return process.env.SKIP_TOKEN_VERIFICATION ? true : verifyAuthToken(req); return process.env.SKIP_TOKEN_VERIFICATION ? true : verifyAuthToken(req);
} else { } else {
// for now we don't allow cross origin request, so that an arbitrary website cannot try to // For now we don't allow cross origin request, so that an arbitrary website cannot try to
// connect a socket to localhost:serverport, and try to use the all powerful Flipper APIs to read // connect a socket to localhost:serverport, and try to use the all powerful Flipper APIs to read
// for example files. // for example files.
// Potentially in the future we do want to allow this, e.g. if we want to connect to a local flipper-server // Potentially in the future we do want to allow this, e.g. if we want to connect to a local flipper-server