Skip to content

fix(@angular/ssr): improve header validation logic#32622

Merged
alan-agius4 merged 1 commit intoangular:21.2.xfrom
alan-agius4:handle-validation-patch
Mar 2, 2026
Merged

fix(@angular/ssr): improve header validation logic#32622
alan-agius4 merged 1 commit intoangular:21.2.xfrom
alan-agius4:handle-validation-patch

Conversation

@alan-agius4
Copy link
Copy Markdown
Collaborator

@alan-agius4 alan-agius4 commented Feb 27, 2026

Updates the validateRequest function to correctly handle the allowedHost=true option.

@alan-agius4 alan-agius4 requested a review from dgp1130 February 27, 2026 09:06
@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: patch This PR is targeted for the next patch release labels Feb 27, 2026
@alan-agius4
fix(@angular/ssr): improve header validation logic
d78ace4 
Updates the `validateRequest` function to correctly handle the `allowedHost=true` option.
@alan-agius4 alan-agius4 force-pushed the handle-validation-patch branch from 53f59db to d78ace4 Compare February 27, 2026 09:59
dgp1130
dgp1130 approved these changes Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@dgp1130 dgp1130 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: Is allowedHosts: true distinct from allowedHosts: ['*'], which could also be set via environment variable? Is there a reason to prefer this instead?

packages/angular/build/src/tools/vite/middlewares/ssr-middleware.ts

// Disable host check if allowed hosts is true meaning allow all hosts.
const { allowedHosts } = server.config.server;
const disableAllowedHostsCheck = allowedHosts === true;
Copy link
Copy Markdown
Collaborator

@dgp1130 dgp1130 Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider framing this in the positive like:

const checkAllowedHosts = Array.isArray(allowedHosts);

As positive conditionals can often be easier to reason about.

@alan-agius4
Copy link
Copy Markdown
Collaborator Author

alan-agius4 commented Feb 27, 2026
edited
Loading

‘allowedHosts: ['*']’ is not supported, and ‘allowedHost=true` is already an option supported by Vite.

@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Mar 2, 2026
@alan-agius4 alan-agius4 merged commit 43a9dfa into angular:21.2.x Mar 2, 2026
34 of 35 checks passed
@alan-agius4
Copy link
Copy Markdown
Collaborator Author

alan-agius4 commented Mar 2, 2026

This PR was merged into the repository. The changes were merged into the following branches:

@alan-agius4 alan-agius4 deleted the handle-validation-patch branch March 2, 2026 07:47
@angular-automatic-lock-bot
Copy link
Copy Markdown

angular-automatic-lock-bot bot commented Apr 2, 2026

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Apr 2, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dgp1130 dgp1130 dgp1130 approved these changes

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular/ssr target: patch This PR is targeted for the next patch release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alan-agius4 @dgp1130