Skip to content
This repository has been archived by the owner on Aug 3, 2023. It is now read-only.

[dev] disallow localhost as host #902

Closed
EverlastingBugstopper opened this issue Nov 22, 2019 · 4 comments
Closed

[dev] disallow localhost as host #902

EverlastingBugstopper opened this issue Nov 22, 2019 · 4 comments
Labels
feature Feature requests and suggestions
Milestone
wrangler dev

Comments

@EverlastingBugstopper
Copy link
Contributor

for now it rick rolls you so we should limit that behavior until we solve #901
@EverlastingBugstopper EverlastingBugstopper added the feature Feature requests and suggestions label Nov 22, 2019
@EverlastingBugstopper EverlastingBugstopper added this to the dev server milestone Nov 22, 2019
Closed
@johnelliott johnelliott mentioned this issue Mar 19, 2020
Closed
@jayphelps
Copy link

This nearly gave me a heart attack 🤣 I thought at first I had been hacked.

@EverlastingBugstopper
Copy link
Contributor Author

next release of the workers runtime will no longer rick roll and will provide a meaningful error message, so this issue should no longer be relevant 😄 #901 is still a good idea though i think

@kentonv
Copy link
Member

kentonv commented Jun 24, 2020

@jayphelps Sorry! My fault. I put in that code three years ago to catch people testing SSRF attacks on cloudflareworkers.com (trying to talk to "localhost" on our server, maybe hoping to find an unprotected internal service), but I guess with wrangler dev it's now much easier to hit it by accident.

@jayphelps
Copy link

Totally. No worries on my end at all. 👍

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature Feature requests and suggestions
Projects
None yet
Milestone
wrangler dev
Development

No branches or pull requests
3 participants
@jayphelps @kentonv @EverlastingBugstopper