Commit 69fe96c
fix: improve allowed host validation to handle ports correctly
>>
>> - Added proper host and port parsing without using urlparse
>> - Normalized incoming host by removing protocol and path
>> - Updated allowed host matching logic with clear rules:
>>
>> 1. host (example.com)
>> - allows requests from the host with or without ports
>>
>> 2. host:* (example.com:*)
>> - explicitly allows any port for that host
>>
>> 3. host:port (example.com:443)
>> - allows only the exact specified port
>>
>> - Prevented incorrect matches when specific ports are configured
>> - Improved transport security host validation consistency
>> - Keeps logic compatible with proxy environments (e.g. Heroku)
>>
>> This fixes cases where:
>> - hosts without ports were incorrectly rejected
>> - port-specific allowed hosts did not enforce strict matching

1 parent 688c6e3 commit 69fe96c
1 file changed, +42 -7 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| 50 | + | |
50 | 51 | | |
51 | 52 | | |
52 | | - | |
53 | | - | |
| 53 | + | |
54 | 54 | | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
55 | 72 | | |
56 | | - | |
57 | 73 | | |
58 | | - | |
59 | | - | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
60 | 77 | | |
61 | | - | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
62 | 97 | | |
63 | | - | |
| 98 | + | |
64 | 99 | | |
65 | 100 | | |
66 | 101 | | |
| |||
0 commit comments
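
The three allow-list rules listed in the commit message, written out as an added example; this is not the code changed in commit 69fe96c. The names `split_host_port` and `host_allowed` are hypothetical, and three behaviours are assumptions beyond the message: unparseable input fails closed, `host:*` also matches a request that carries no port, and bracketed IPv6 literals are accepted.

```python
def split_host_port(value, allow_wildcard=False):
    """Return (host, port) or None if malformed; port is None when absent."""
    value = value.strip().lower()
    if "://" in value:                      # normalise: drop the protocol
        value = value.split("://", 1)[1]
    value = value.split("/", 1)[0]          # normalise: drop the path
    if value.startswith("["):               # bracketed IPv6, e.g. [::1]:8000
        host, close, rest = value.partition("]")
        if not close or (rest and not rest.startswith(":")):
            return None
        host, port = host + "]", (rest[1:] if rest else None)
    elif value.count(":") > 1:              # unbracketed IPv6 or junk
        return None
    else:
        host, sep, port = value.partition(":")
        port = port if sep else None
    if not host or "@" in host:             # empty host or userinfo
        return None
    if port is not None:
        numeric = port.isascii() and port.isdigit()
        if not (numeric or (allow_wildcard and port == "*")):
            return None
    return host, port


def host_allowed(incoming, allowed_hosts):
    """Apply the rules: 'host', 'host:*' and 'host:port'."""
    parsed = split_host_port(incoming)
    if parsed is None:
        return False                        # assumption: fail closed
    host, port = parsed
    for entry in allowed_hosts:
        rule = split_host_port(entry, allow_wildcard=True)
        if rule is None or rule[0] != host:
            continue
        rule_port = rule[1]
        if rule_port is None or rule_port == "*":
            return True                     # rules 1 and 2: any port
        if rule_port == port:
            return True                     # rule 3: exact port only
    return False
```

Under these assumptions a `host:port` entry rejects a request whose Host value has no port, so a deployment behind a proxy that strips the port needs a bare `host` entry instead.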