UNPKG

host-validation

Version:

Node.js middleware to validate Host and Referer headers in HTTP requests and protect against DNS rebinding attacks.

github.com/brannondorsey/host-validation

brannondorsey/host-validation

33 lines (21 loc) 1.11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# Host Validation CHANGELOG ## v2.0.1 - Improve performance in `isAllowed()` thanks to [Evan Hahn](https://github.com/EvanHahn) ([#6](https://github.com/brannondorsey/host-validation/pull/6)). ## v2.0.0 - Add custom error handler ([#1](https://github.com/brannondorsey/host-validation/issues/1)) - Change several error messages (this change required the breaking semver bump) - Add tests to improve testing coverage ## v1.2.0 - Add CI with `.travis.yml`. - Add test coverage with Coveralls. - Add `coverage` and `coveralls` npm tasks. - Fix missing "," syntax error in `example.js` and README. ## v1.1.0 - Server now responds to invalid Host/Referer requests with `403 Forbidden` instead of `401 Unauthorized` per [this discussion](https://stackoverflow.com/questions/49481293/what-is-the-most-appropriate-http-status-code-for-invalid-host-referer-request-h). - Add `CODE_OF_CONDUCT.md` - Remove commented-out code in `index.js` ## v1.0.1 - Update README - Update `tests.js`, server now closes. ## v1.0.0 Initial release. Supports Host and Referer validation via string matches and regular expressions.