Skip to content

Commit 5cb9f6e

Browse files
ojuschugh1ojuschugh1
committed
Fix dev server rejecting non-localhost hosts when using FX_PROFILER_HOST
1 parent 54536aa commit 5cb9f6e

File tree

2 files changed

+15
-8
lines changed

2 files changed

+15
-8
lines changed

CONTRIBUTING.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ If you'd like to use [profiler.firefox.com](https://profiler.firefox.com) via UR
9696
FX_PROFILER_HOST="0.0.0.0" yarn start
9797
```
9898

99-
You'll probably also want to add your non-localhost domains to the `allowedHosts` property in `server.js`.
99+
When using `FX_PROFILER_HOST="0.0.0.0"`, any hostname is allowed so you can access the profiler from other devices on your network. If you want to expose only a specific hostname instead, set `FX_PROFILER_HOST` to that hostname directly and it will be added to the allowed hosts automatically.
100100

101101
## Finding something to work on
102102

scripts/lib/dev-server.mjs

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -24,20 +24,27 @@ const EXTRA_HEADERS = {
2424
};
2525

2626
// Allowed hosts for dev server
27-
const ALLOWED_HOSTS = ['localhost', '.app.github.dev'];
27+
const BASE_ALLOWED_HOSTS = ['localhost', '.app.github.dev'];
2828

29-
function isHostAllowed(hostHeader) {
29+
function isHostAllowed(hostHeader, host) {
3030
if (!hostHeader) {
3131
return false;
3232
}
3333

34-
// Extract hostname without port
34+
// When binding to all interfaces, allow any host.
35+
if (host === '0.0.0.0') {
36+
return true;
37+
}
38+
3539
const hostname = hostHeader.split(':')[0];
3640

37-
// Check exact match or suffix match for wildcard patterns
38-
return ALLOWED_HOSTS.some((allowedHost) => {
41+
// Include the configured host in addition to the defaults.
42+
const allowedHosts = BASE_ALLOWED_HOSTS.includes(host)
43+
? BASE_ALLOWED_HOSTS
44+
: [...BASE_ALLOWED_HOSTS, host];
45+
46+
return allowedHosts.some((allowedHost) => {
3947
if (allowedHost.startsWith('.')) {
40-
// Wildcard pattern like '.app.github.dev'
4148
return hostname.endsWith(allowedHost);
4249
}
4350
return hostname === allowedHost;
@@ -75,7 +82,7 @@ export async function startDevServer(buildConfig, options = {}) {
7582
// Create HTTP server
7683
const server = http.createServer((req, res) => {
7784
// Validate Host header
78-
if (!isHostAllowed(req.headers.host)) {
85+
if (!isHostAllowed(req.headers.host, host)) {
7986
res.writeHead(403, { 'Content-Type': 'text/plain' });
8087
res.end('Invalid Host header');
8188
return;

0 commit comments

Comments
 (0)