vimeo
diff --git a/‎api-core/src/main/java/com/vimeo/networking2/config/RetrofitSetupModule.kt‎
Lines changed: 2 additions & 0 deletions b/‎api-core/src/main/java/com/vimeo/networking2/config/RetrofitSetupModule.kt‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎api-core/src/main/java/com/vimeo/networking2/internal/interceptor/HostValidationInterceptor.kt‎
Lines changed: 25 additions & 0 deletions b/‎api-core/src/main/java/com/vimeo/networking2/internal/interceptor/HostValidationInterceptor.kt‎
Lines changed: 25 additions & 0 deletions
@@ -27,6 +27,7 @@ import com.vimeo.networking2.ApiConstants
 import com.vimeo.networking2.internal.ErrorHandlingCallAdapterFactory
 import com.vimeo.networking2.internal.interceptor.AcceptHeaderInterceptor
 import com.vimeo.networking2.internal.interceptor.CacheControlHeaderInterceptor
+import com.vimeo.networking2.internal.interceptor.HostValidationInterceptor
 import com.vimeo.networking2.internal.interceptor.LanguageHeaderInterceptor
 import com.vimeo.networking2.internal.interceptor.UserAgentHeaderInterceptor
 import com.vimeo.networking2.internal.params.StringValueJsonAdapterFactory
@@ -62,6 +63,7 @@ object RetrofitSetupModule {
     @JvmStatic
     fun retrofit(vimeoApiConfiguration: VimeoApiConfiguration): Retrofit {
         val interceptors = mutableListOf(
+            HostValidationInterceptor(vimeoApiConfiguration),
             UserAgentHeaderInterceptor(vimeoApiConfiguration.compositeUserAgent),
             AcceptHeaderInterceptor(),
             LanguageHeaderInterceptor(vimeoApiConfiguration.locales)
 
@@ -0,0 +1,25 @@
+package com.vimeo.networking2.internal.interceptor
+
+import com.vimeo.networking2.config.VimeoApiConfiguration
+import okhttp3.HttpUrl
+import okhttp3.Interceptor
+import okhttp3.Response
+import okio.IOException
+
+/**
+ * An interceptor that ensures that only requests to the host specified in the [VimeoApiConfiguration] are made. This
+ * prevents unexpected requests from being made to other hosts.
+ *
+ * @param vimeoApiConfiguration The configuration used to determine the expected host.
+ */
+class HostValidationInterceptor(private val vimeoApiConfiguration: VimeoApiConfiguration) : Interceptor {
+    private val httpUrl = HttpUrl.parse(vimeoApiConfiguration.baseUrl)
+
+    override fun intercept(chain: Interceptor.Chain): Response =
+        if (chain.request().url().host() != httpUrl?.host()) {
+            throw IOException("Host must match specified base URL, was ${chain.request().url().host()}, " +
+                "expected ${httpUrl?.host()}")
+        } else {
+            chain.proceed(chain.request())
+        }
+}