mirror of
https://github.com/meteor/meteor.git
synced 2026-05-02 03:01:46 -04:00
b80e71fa15
`force-ssl`'s current `isLocalConnection` regex does not handle IPv4-mapped and/or IPv4-compatible IPv6 addresses, when checking if the connection is local. This means a local address of `::ffff:127.0.0.1` is being marked as non-local. These changes adjust the `isLocalConnection` regex to handle a wider range of localhost address representations. Fixes #9072.
33 lines
1.1 KiB
JavaScript
33 lines
1.1 KiB
JavaScript
import forwarded from 'forwarded-http';
|
|
|
|
// Determine if the connection is only over localhost. Both we
|
|
// received it on localhost, and all proxies involved received on
|
|
// localhost (supports "forwarded" and "x-forwarded-for").
|
|
const isLocalConnection = (req) => {
|
|
const localhostRegexp = /^\s*(.*127\.0\.0\.1|\[?::1\]?)\s*$/;
|
|
const request = Object.create(req);
|
|
request.connection = Object.assign(
|
|
{},
|
|
req.connection,
|
|
{ remoteAddress: req.connection.remoteAddress || req.socket.remoteAddress }
|
|
);
|
|
const forwardedParams = forwarded(request);
|
|
let isLocal = true;
|
|
Object.keys(forwardedParams.for).forEach((forKey) => {
|
|
if (!localhostRegexp.test(forKey)) {
|
|
isLocal = false;
|
|
}
|
|
});
|
|
return isLocal;
|
|
};
|
|
|
|
// Determine if the connection was over SSL at any point. Either we
|
|
// received it as SSL, or a proxy did and translated it for us.
|
|
const isSslConnection = (req) => {
|
|
const forwardedParams = forwarded(req);
|
|
return req.connection.pair
|
|
|| forwardedParams.proto && forwardedParams.proto.indexOf('https') !== -1;
|
|
};
|
|
|
|
export { isLocalConnection, isSslConnection };
|