8x48/homepage
1
0
Fork 0
mirror of https://github.com/gethomepage/homepage.git synced 2026-01-07 07:52:08 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Enhancement: allow disabling host header checking (#4967)

Browse Source
This commit is contained in:
shamoon
2025-03-15 07:14:41 -07:00
committed by GitHub
parent 9d40b67d49
commit 16c1b2da9b
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/middleware.js
View File

@@ -4,11 +4,11 @@ export function middleware(req) {
// Check the Host header, if HOMEPAGE_ALLOWED_HOSTS is set
const host = req.headers.get("host");
const port = process.env.PORT || 3000;
let allowedHosts = [`localhost:${port}`, `127.0.0.1:${port}`];
const allowAll = process.env.HOMEPAGE_ALLOWED_HOSTS === "*";
if (process.env.HOMEPAGE_ALLOWED_HOSTS) {
allowedHosts = allowedHosts.concat(process.env.HOMEPAGE_ALLOWED_HOSTS.split(","));
}
if (!host || !allowedHosts.includes(host)) {
if (!allowAll && (!host || !allowedHosts.includes(host))) {
// eslint-disable-next-line no-console
console.error(
`Host validation failed for: ${host}. Hint: Set the HOMEPAGE_ALLOWED_HOSTS environment variable to allow requests from this host / port.`,