fix(proxy): replace changeOrigin changes in 5.3.0 with new rewriteWsO… · vitejs/vite@14c3d49 (original) (raw)

`@@ -27,20 +27,35 @@ export interface ProxyOptions extends HttpProxy.ServerOptions {

`

27

27

`res: http.ServerResponse,

`

28

28

`options: ProxyOptions,

`

29

29

`) => void | null | undefined | false | string

`

``

30

`+

/**

`

``

31

`+

• rewrite the Origin header of a WebSocket request to match the the target

`

``

32

`+

`

``

33

`+

• Exercise caution as rewriting the Origin can leave the proxying open to CSRF attacks.

`

``

34

`+

*/

`

``

35

`+

rewriteWsOrigin?: boolean | undefined

`

30

36

`}

`

31

37

``

32

``

`-

const setOriginHeader = (

`

``

38

`+

const rewriteOriginHeader = (

`

33

39

`proxyReq: http.ClientRequest,

`

34

``

`-

options: HttpProxy.ServerOptions,

`

``

40

`+

options: ProxyOptions,

`

``

41

`+

config: ResolvedConfig,

`

35

42

`) => {

`

36

43

`// Browsers may send Origin headers even with same-origin

`

37

44

`// requests. It is common for WebSocket servers to check the Origin

`

38

``

`-

// header, so if changeOrigin is true we change the Origin to match

`

``

45

`+

// header, so if rewriteWsOrigin is true we change the Origin to match

`

39

46

`// the target URL.

`

40

``

`-

// https://github.com/http-party/node-http-proxy/issues/1669

`

41

``

`-

if (options.changeOrigin) {

`

``

47

`+

if (options.rewriteWsOrigin) {

`

42

48

`const { target } = options

`

43

49

``

``

50

`+

if (proxyReq.headersSent) {

`

``

51

`+

config.logger.warn(

`

``

52

`+

colors.yellow(

`

``

53

`` +

Unable to rewrite Origin header as headers are already sent.,

``

``

54

`+

),

`

``

55

`+

)

`

``

56

`+

return

`

``

57

`+

}

`

``

58

+

44

59

`if (proxyReq.getHeader('origin') && target) {

`

45

60

`const changedOrigin =

`

46

61

`typeof target === 'object'

`

`@@ -112,12 +127,8 @@ export function proxyMiddleware(

`

112

127

`}

`

113

128

`})

`

114

129

``

115

``

`-

proxy.on('proxyReq', (proxyReq, req, res, options) => {

`

116

``

`-

setOriginHeader(proxyReq, options)

`

117

``

`-

})

`

118

``

-

119

130

`proxy.on('proxyReqWs', (proxyReq, req, socket, options, head) => {

`

120

``

`-

setOriginHeader(proxyReq, options)

`

``

131

`+

rewriteOriginHeader(proxyReq, options, config)

`

121

132

``

122

133

`socket.on('error', (err) => {

`

123

134

`config.logger.error(

`