Commit Graph

6 Commits

Author SHA1 Message Date
Alex Thillen 93e60f7b0e
add trusted-origins cli argument (#6319) 2023-07-19 14:04:03 -08:00
Asher b3b971480f
Support X-Forwarded-Host with multiple hosts
Closes #6215.
2023-05-17 11:51:05 -08:00
Asher 19bcd043d7
Add debug log for origin check (#6096)
Extracted host detection into a separate function to avoid multiple log
lines on each return and went with a thrown error to consolidate the
common log text.
2023-03-30 12:24:33 -05:00
Asher d477972c68
Add origin checks to web sockets (#6048)
* Move splitOnFirstEquals to util

I will be making use of this to parse the forwarded header.

* Type splitOnFirstEquals with two items

Also add some test cases.

* Check origin header on web sockets

* Update changelog with origin check

* Fix web sockets not closing with error code
2023-03-03 03:12:34 -06:00
Joe Previte 506d3f43ed
feat(http): keep slashes in queryParams in redirects (#4928)
* refactor(http): extract logic into constructRedirectPath

This allows us to easily test our redirect path construction logic where we get
the relative path, the query string and construct a redirect path.

By extracting this from `redirect`, we can easily test this logic in a unit
test.

I did this so we could test some logic where slashes in query strings should be
made human-friendly for users.

* feat(testing): add tests for constructRedirectPath

Co-authored-by: Asher <ash@coder.com>
2022-03-01 12:11:56 -07:00
Asher 4b4ec37880
Fix relative paths (#4594)
* Add tests for relativeRoot

* Remove path.posix.join

Since this is for file system paths it feels incorrect to use it on
URL paths as they are different in many ways.

* Rewrite cookie path logic

Before we relied on the client to resolve the base given to it by the
backend against the path.

Instead have the client pass that information along so we can resolve it
on the backend.  This means the client has to do less work.

* Do not remove out directory before watch

This is re-used for incremental compilation.

Also remove del since that was the only use (and we can use fs.rmdir in
the future if we need something like this).

* Remove unused function resolveBase
2021-12-08 15:52:15 -06:00