fix(core): allow host headers with default ports

DASPRiD · DASPRiD · commit b6953e9dfca7 · 2025-11-06T16:06:57.000+01:00
diff --git a/packages/core/src/http/request.ts b/packages/core/src/http/request.ts
@@ -73,8 +73,9 @@ export class Parts {
         }
 
         const uri = new URL(`${protocol}://${host}${message.url}`);
+        const inferredPort = uri.port === "" ? (protocol === "http" ? "80" : "443") : uri.port;
 
-        if (uri.host !== host) {
+        if (uri.host !== host && `${uri.hostname}:${inferredPort}` !== host) {
             throw new Error(`Host injection discovered: ${host}`);
         }
 
diff --git a/packages/core/test/http/request.test.ts b/packages/core/test/http/request.test.ts
@@ -111,6 +111,15 @@ describe("http:request", () => {
                 /Host injection discovered: invalid@host/,
             );
         });
+
+        it("fromIncomingMessage throws no error on valid host with default port", () => {
+            const message = new IncomingMessage();
+            message.method = "GET";
+            message.headers["x-forwarded-proto"] = "http";
+            message.headers["x-forwarded-host"] = "proxy.com:80";
+
+            Parts.fromIncomingMessage(message, true);
+        });
     });
 
     describe("HttpRequest", () => {

Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,9 @@ export class Parts {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	const uri = new URL(`${protocol}://${host}${message.url}`);
	`76`	`+ const inferredPort = uri.port === "" ? (protocol === "http" ? "80" : "443") : uri.port;`
`76`	`77`
`77`		`- if (uri.host !== host) {`
	`78`	+ if (uri.host !== host && `${uri.hostname}:${inferredPort}` !== host) {
`78`	`79`	throw new Error(`Host injection discovered: ${host}`);
`79`	`80`	`}`
`80`	`81`