Skip to content

Validate Host header against allowedDomains#15473

Merged
matthewp merged 1 commit into
mainfrom
fix/validate-host-header
Feb 11, 2026
Merged

Validate Host header against allowedDomains#15473
matthewp merged 1 commit into
mainfrom
fix/validate-host-header

Conversation

@matthewp

@matthewp matthewp commented Feb 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Changes

  • Add Host header validation against configured allowedDomains
  • Rename rewrite-forwarded-headers.ts to validate-headers.ts since it does host validation now too.
  • In Node adapter, read error page from disk to prevent going to network.

Testing

Docs

N/A, bug fix

@github-actions github-actions Bot added pkg: integration Related to any renderer integration (scope) pkg: astro Related to the core `astro` package (scope) labels Feb 11, 2026
@changeset-bot

changeset-bot Bot commented Feb 11, 2026
edited
Loading

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: d1964ba

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codspeed-hq

codspeed-hq Bot commented Feb 11, 2026
edited
Loading

Copy link
Copy Markdown

Merging this PR will not alter performance

✅ 9 untouched benchmarks

Comparing fix/validate-host-header (d1964ba) with main (ee7e53f)1

Open in CodSpeed

Footnotes

  1. No successful run was found on main (e1aa3f3) during the generation of this report, so ee7e53f was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.

@matthewp matthewp changed the base branch from main to 5-legacy February 11, 2026 16:45
@matthewp matthewp changed the base branch from 5-legacy to main February 11, 2026 16:46
@matthewp
Validate Host header against allowedDomains
d1964ba 
- Add Host header validation against configured allowedDomains
- Rename validate-forwarded-headers.ts to validate-headers.ts
- Read error pages from disk first before falling back to experimentalErrorPageHost
- Update test fixtures with appropriate allowedDomains configuration
@matthewp matthewp force-pushed the fix/validate-host-header branch from ec9b9d9 to d1964ba Compare February 11, 2026 17:21
@matthewp matthewp marked this pull request as ready for review February 11, 2026 20:05
@matthewp matthewp merged commit d653b86 into main Feb 11, 2026
27 checks passed
@matthewp matthewp deleted the fix/validate-host-header branch February 11, 2026 20:05
This was referenced Feb 11, 2026
Merged
Closed
@ayame113 ayame113 mentioned this pull request Mar 2, 2026
Closed
1 task
@astrobot-houston astrobot-houston mentioned this pull request Mar 2, 2026
Closed
1 task
@kytta kytta mentioned this pull request Mar 14, 2026
Merged
fengelniederhammer added a commit to GenSpectrum/dashboards that referenced this pull request Mar 26, 2026
@fengelniederhammer
fix(website): configure security.allowedDomains
d284516 
Necessary due to the change in withastro/astro#15473
fengelniederhammer added a commit to GenSpectrum/dashboards that referenced this pull request Apr 1, 2026
@fengelniederhammer
fix(website): configure security.allowedDomains
2bef7bb 
Necessary due to the change in withastro/astro#15473
fengelniederhammer added a commit to GenSpectrum/dashboards that referenced this pull request Apr 2, 2026
@fengelniederhammer
fix(website): configure security.allowedDomains (#1128)
5d4ce2a 
Necessary due to the change in withastro/astro#15473
@astrobot-houston astrobot-houston mentioned this pull request May 20, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

pkg: astro Related to the core `astro` package (scope) pkg: integration Related to any renderer integration (scope)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@matthewp