fix(proxy): replace changeOrigin changes in 5.3.0 with new rewriteWsOrigin option#17563
fix(proxy): replace changeOrigin changes in 5.3.0 with new rewriteWsOrigin option#17563bluwy merged 4 commits intovitejs:mainfrom
Conversation
- Revert changeOrigin behaviour - Introduce rewriteWsOrigin option - Only use rewriteWsOrigin in ws requests - Update docs
- Check for headersSent before rewriting Origin - Log warning if fails
|
|
|
Maybe a |
I haven't seen a use case for that yet, and given rewriting the Origin has security implications I'd prefer to not implement. If a need arises later we could revisit it. |
I have seen this use case: Due to the diversity in HTTP implementation, compared to WebSocket, HTTP has more use cases where Origin checking is necessary. |
bluwy
left a comment
There was a problem hiding this comment.
LGTM. Would also like @sapphi-red's eye on this in case I miss something
@pfdgithub I'm leaning towards fixing the regression first and we could revisit if we need rewriteHttpOrigin later. Since this introduces a new option, we'd need the team's opinion on this first, and introducing 2 new options may be more complicated.
The 'rewriteHttpOrigin' option is not required, there are other ways to implement it. |
sapphi-red
left a comment
There was a problem hiding this comment.
LGTM, thanks for the PR!
Re rewriteHttpOrigin, I think we should have it if we have rewriteWsOrigin for consistency. (I'm fine with doing that in a separate PR)
Description
fixes #17562
fixes #17520
This PR reverts the change to the changeOrigin option released in 5.3.0 and adds an alternative solution:
rewriteWsOriginoption which rewrites the Origin header for WebSocket requests onlyheadersSentprior to rewriting, logging a warning if it does not rewrite