Skip to first unread message
Evan Tahler
Oct 29, 2016, 5:15:06 PM10/29/16
to actionHero.js
https://github.com/evantahler/actionhero/releases/tag/v15.1.5
ActionHero now allows you to define a collection of host headers which this API server will allow access from. You can set these via api.config.servers.web.allowedRequestHosts. If the Hostheader of a client does not match one of those listed (protocol counts!), they will be redirected to the first one present.
You can also set process.env.ALLOWED_HOSTS which will be parsed as a comma-separated list of Hosts which will set api.config.servers.web.allowedRequestHosts
By @evantahler via #973
---
V15.1.5 fixes a bug introduced with v15.1.4 which was improperly detecting client protocols (http vs https) when using the new api.config.servers.web.allowedRequestHosts host restrictions.
Reply all
Reply to author
Forward
0 new messages