Whitelist all IP-address-like hosts names by default in checkHost #931
Comments
orteth01
changed the title
usefulthink
added a commit
to usefulthink/webpack-dev-server
that referenced
this issue
Jul 24, 2017
This patch will allow any requests made using an IP-address to always pass the checkHost-test. IP-addresses are not susceptible to a dns-rebind like attack so it would make sense to not block them to make local-network development possible without needing to disable the host-checks entirely. fixes webpack#931
shellscape
pushed a commit
that referenced
this issue
Jul 27, 2017
* Always allow requests with IP-address as host in checkHost() This patch will allow any requests made using an IP-address to always pass the checkHost-test. IP-addresses are not susceptible to a dns-rebind like attack so it would make sense to not block them to make local-network development possible without needing to disable the host-checks entirely. fixes #931 * use 'ip'-module to handle ip-address validation. As per @shellscape's comment, switch to the [ip](https://npmjs.com/package/ip)-module to do validation of ip-address-format.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
the problem:
Essentially, users desire the ability to whitelist certain IP addresses so that colleagues can access their dev server to view their work. However, they'd prefer to not have to specify each individual allowed IP.
the solution from @edmorley:
"it should be safe to whitelist all IP-addresses-like hosts names by default, which would save people having to whitelist them manually."
The text was updated successfully, but these errors were encountered: