inspector: report client-visible host and port#19664
inspector: report client-visible host and port#19664eugeneo merged 1 commit intonodejs:masterfrom eugeneo:report-host-port
Conversation
nodejs-github-bot
added
c++
There was a problem hiding this comment.
Can you line these two arguments up with the first one.
|
I’m not sure what to feel about this. It feels almost like an XSS vector, but using HTTP headers. |
Can you clarify? In my opinion, it is the opposite - less information (that the remote party may not already know) is provided. Before this patch, the response would show an actual IP in case of remote connection. |
|
Fair enough. |
|
Did a second CI run: https://ci.nodejs.org/job/node-test-commit/17358/ No relevant failures detected (one failure from the first run was not detected in the second run and seems unlikely to have been caused by the change) |
Node instance may not know the real host and port user sees when debug frontend connects through the SSH tunnel. This change fixes '/json/list' response by using the value client provided in the host header. PR-URL: #19664 Reviewed-By: Tiancheng "Timothy" Gu <[email protected]>
Node instance may not know the real host and port user sees when debug frontend connects through the SSH tunnel. This change fixes '/json/list' response by using the value client provided in the host header. PR-URL: #19664 Reviewed-By: Tiancheng "Timothy" Gu <[email protected]>
TimothyGu
added
the
inspector
5 participants
Node instance may not know the real host and port user sees when
debug frontend connects through the SSH tunnel. This change fixes
'/json/list' response by using the value client provided in the host
header.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes