host-validation icon indicating copy to clipboard operation
host-validation copied to clipboard

Published 20 hours ago verified publisher icon brannondorsey

Why not validate request.hostname?

Open jacobg opened this issue 2 years ago • 0 comments

This middleware is nice, but it doesn't seem to work with app.set('trust proxy', true). In such a case, the header to validate would be x-forwarded-host. request.hostname will populate with host header if not trusting proxy, and x-forwarded-for if trusted.

jacobg avatar Mar 01 '23 18:03 jacobg