-
Notifications
You must be signed in to change notification settings - Fork 26.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hostname of request object in middleware is always 'localhost' #37536
Comments
From what I can tell this was introduced in 12.0.8. With 12.0.7 I get the real hostname in |
So both hostname and port can be changed by passing the flags to the Example: If you configure The relevant documentation is here, but it could be improved: |
Thanks @balazsorban44 but for my use case I depend on being able to get the actual hostname that the request uses. It's often the case that a website can be reached through more than one hostname, and for me that information is important. My use case aside, I think most people would expect a request object to reflect the actual request URL, not a URL that is constructed from the application config. |
agree on what @hannesl said. for me, inserting hostname via env var doesn't feel far from manually choosing which domain would be stored in an access log with an if statement inside of our code. as hannesl said, sometimes we don't even know which domain would be used because there could be multiple domains connected to a single server, or you may change the domain someday, and what so ever. we don't configure domains inside of our code neither inside of our docker container, it's usually done outside of our application level. so env var trick might be a workaround for now, but definitely not a solution for this issue. |
The problem is that the only way to detect the host is through the request's headers, which could be forged and thus makes it unreliable. |
well.. I think even a fake hostname is still way better than "localhost". |
The request headers are actually not overwritten like function withHostFromHeaders(middleware) {
return (...args) => {
let { nextUrl, headers, url } = args[0]
nextUrl.host = headers.get("Host") ?? nextUrl.host
url = nextUrl.href
return middleware(...args)
}
}
export default withHostFromHeaders((req) => {
const { url, nextUrl } = req
console.log({ nextUrl, url })
}) |
Thanks @balazsorban44 ! Just using |
Understandable, but this is to increase security when hosting outside of Vercel, as you may understand. Closing with the above suggestion #37536 (comment). Again, use it with care, only if you trust your proxy. |
This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you. |
Verify canary release
Provide environment information
What browser are you using? (if relevant)
No response
How are you deploying your application? (if relevant)
No response
Describe the Bug
(I edited local
/etc/hosts
file to reproduce the issue, but the same issue happens even when I deploy an app and connect a domain to that.)Whatever domain is being used,
request
object, which is an input of a middleware function, always has"localhost"
as its hostname.I use middleware to store all the access logs to an ES storage. Because
request.url
orrequest.nextUrl
always has '"localhost"' as its hostname, I cannot distinguishstage.something.com
fromsomething.com
ordev.something.com
.Expected Behavior
It should has the actual URL information. (in the example above, hostname should be
test.domain.ai
).To Reproduce
npx create-next-app@latest --typescript
/etc/hosts
test.domain.ai
from any web browserThe text was updated successfully, but these errors were encountered: