fix: allow debugger to connect with custom hosts #2404
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Amazing, makes sense! Thanks for contribution! Is there anything blocking you from making this PR ready for review? |
|
Hey @szymonrybczak, I just wanted to do a quick test in a clean repo. Seems to work well so happy for this to be reviewed now! |
szymonrybczak
approved these changes
Jun 5, 2024
thymikee
reviewed
Jun 5, 2024
Comment on lines
20
to
48
| it('it should block requests from different origins', () => { | ||
| req.headers.origin = 'https://example.com'; | ||
| const middleware = securityHeadersMiddleware({}); | ||
| middleware(req, res, next); | ||
| expect(next).toHaveBeenCalledWith(expect.any(Error)); | ||
| }); | ||
|
|
||
| it('it should allow requests from localhost', () => { | ||
| req.headers.origin = 'http://localhost:3000'; | ||
| const middleware = securityHeadersMiddleware({}); | ||
| middleware(req, res, next); | ||
| expect(next).toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it('it should allow requests from devtools', () => { | ||
| req.headers.origin = 'devtools://devtools'; | ||
| const middleware = securityHeadersMiddleware({}); | ||
| middleware(req, res, next); | ||
| expect(next).toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it('it should allow requests from custom host if provided in options', () => { | ||
| req.headers.origin = 'http://customhost.com'; | ||
| const middleware = securityHeadersMiddleware({host: 'customhost.com'}); | ||
| middleware(req, res, next); | ||
| expect(next).toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it('it should block requests from custom host if provided in options but not matching', () => { |
There was a problem hiding this comment.
very minor nit: all test titles start with "it" which is kinda redundant 😅
There was a problem hiding this comment.
Oh good shout. Will fix that up!
thymikee
approved these changes
Jun 5, 2024
|
Thanks for the reviews folks! Have cleaned up the test titles and rebased |
|
Thank you for the contribution @Jesse-Cameron! 🙌🏼 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
Experimental debugger support for custom hostnames.
Currently the experimental debugger rejects all requests that don't come from the
localhosthostname. We are using the--hostflag when starting the react native. It would be good if the debugger supported this.see: #2396
Test Plan:
I have manually tested this PR in a clean project using:
npm react-native start --experimental-debugger --host 0.0.0.0(after linking packages locally)
Checklist