From 85e99928c48e505c84ff4285009deb542ffeed9e Mon Sep 17 00:00:00 2001 From: Michel Weststrate Date: Tue, 31 Mar 2020 11:14:34 +0100 Subject: [PATCH 1/3] Fix: allow Hermes Debugger to connect from Flipper This change reflects D20526486 by @rickhanlonii at Facebook: when Running Hermes Debugger from inside Flipper, the origin is localhost, but not the metro port. This fixes https://github.com/facebook/flipper/issues/660#issuecomment-606239984 --- .../commands/server/middleware/getSecurityHeadersMiddleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts b/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts index 498ce8b6f..66f84a531 100644 --- a/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts +++ b/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts @@ -17,7 +17,7 @@ export default function getSecurityHeadersMiddleware( // Block any cross origin request. if ( req.headers.origin && - req.headers.origin !== `http://localhost:${address.port}` + !req.headers.origin.match(/^https?:\/\/localhost:/) ) { next( new Error( From 17acbbf8cc68574dd0e0285996ee12d7d2154191 Mon Sep 17 00:00:00 2001 From: Michel Weststrate Date: Tue, 31 Mar 2020 11:33:55 +0100 Subject: [PATCH 2/3] Fixed compile errors --- .../server/middleware/getSecurityHeadersMiddleware.ts | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts b/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts index 66f84a531..a82c0f458 100644 --- a/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts +++ b/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts @@ -11,12 +11,9 @@ export default function getSecurityHeadersMiddleware( res: http.ServerResponse, next: (err?: any) => void, ) { - // @ts-ignore Property 'client' does not exist on type 'IncomingMessage', verify - const address = req.client.server.address(); - // Block any cross origin request. if ( - req.headers.origin && + typeof req.headers.origin === "string" && !req.headers.origin.match(/^https?:\/\/localhost:/) ) { next( From beb6d5329738aa03ff6de06408985fec86532d82 Mon Sep 17 00:00:00 2001 From: Michel Weststrate Date: Tue, 31 Mar 2020 11:40:25 +0100 Subject: [PATCH 3/3] Fix lint error --- .../commands/server/middleware/getSecurityHeadersMiddleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts b/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts index a82c0f458..5fedf4898 100644 --- a/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts +++ b/packages/cli/src/commands/server/middleware/getSecurityHeadersMiddleware.ts @@ -13,7 +13,7 @@ export default function getSecurityHeadersMiddleware( ) { // Block any cross origin request. if ( - typeof req.headers.origin === "string" && + typeof req.headers.origin === 'string' && !req.headers.origin.match(/^https?:\/\/localhost:/) ) { next(