chore(options): change disableHostCheck and allowedHosts to firewall (#2715)

Author: knagaitsev

bin/cli-flags.js

@@ -105,12 +105,6 @@ module.exports = {
       describe: 'The port',
       group: CONNECTION_GROUP,
     },
-    {
-      name: 'disable-host-check',
-      type: Boolean,
-      describe: 'Will not check the host',
-      group: CONNECTION_GROUP,
-    },
     {
       name: 'public',
       type: String,
@@ -124,10 +118,10 @@ module.exports = {
       group: CONNECTION_GROUP,
     },
     {
-      name: 'allowed-hosts',
+      name: 'firewall',
       type: String,
       describe:
-        'A list of hosts that are allowed to access the dev server, separated by spaces',
+        'Enable/disable firewall, or set hosts that are allowed to access the dev server',
       group: CONNECTION_GROUP,
       multiple: true,
     },

bin/options.js

@@ -87,11 +87,6 @@ const options = {
     describe: 'The port',
     group: CONNECTION_GROUP,
   },
-  'disable-host-check': {
-    type: 'boolean',
-    describe: 'Will not check the host',
-    group: CONNECTION_GROUP,
-  },
   public: {
     type: 'string',
     describe: 'The public hostname/ip address of the server',
@@ -103,10 +98,10 @@ const options = {
     describe: 'The hostname/ip address the server will bind to',
     group: CONNECTION_GROUP,
   },
-  'allowed-hosts': {
+  firewall: {
     type: 'string',
     describe:
-      'A comma-delimited string of hosts that are allowed to access the dev server',
+      'Enable/disable firewall, or set hosts that are allowed to access the dev server',
     group: CONNECTION_GROUP,
   },
 };

examples/cli/public-protocol/webpack.config.js

@@ -10,6 +10,6 @@ module.exports = setup({
   devServer: {
     host: '0.0.0.0',
     public: 'https://localhost:8080',
-    disableHostCheck: true,
+    firewall: false,
   },
 });

lib/Server.js

@@ -686,8 +686,9 @@ class Server {
   }
 
   checkHeaders(headers, headerToCheck) {
-    // allow user to opt-out this security check, at own risk
-    if (this.options.disableHostCheck) {
+    // allow user to opt out of this security check, at their own risk
+    // by explicitly disabling firewall
+    if (!this.options.firewall) {
       return true;
     }
 
@@ -728,11 +729,11 @@ class Server {
       return true;
     }
 
-    const allowedHosts = this.options.allowedHosts;
+    const allowedHosts = this.options.firewall;
 
     // always allow localhost host, for convenience
     // allow if hostname is in allowedHosts
-    if (allowedHosts && allowedHosts.length) {
+    if (Array.isArray(allowedHosts) && allowedHosts.length) {
       for (let hostIdx = 0; hostIdx < allowedHosts.length; hostIdx++) {
         const allowedHost = allowedHosts[hostIdx];
 

lib/options.json

@@ -56,12 +56,6 @@
     }
   },
   "properties": {
-    "allowedHosts": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      }
-    },
     "bonjour": {
       "type": "boolean"
     },
@@ -99,8 +93,19 @@
     "dev": {
       "type": "object"
     },
-    "disableHostCheck": {
-      "type": "boolean"
+    "firewall": {
+      "anyOf": [
+        {
+          "type": "boolean"
+        },
+        {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "minItems": 1
+        }
+      ]
     },
     "headers": {
       "type": "object"
@@ -376,12 +381,11 @@
   },
   "errorMessage": {
     "properties": {
-      "allowedHosts": "should be {Array} (https://webpack.js.org/configuration/dev-server/#devserverallowedhosts)",
       "bonjour": "should be {Boolean} (https://webpack.js.org/configuration/dev-server/#devserverbonjour)",
       "client": "should be {Object} (https://webpack.js.org/configuration/dev-server/#devserverclient)",
       "compress": "should be {Boolean} (https://webpack.js.org/configuration/dev-server/#devservercompress)",
       "dev": "should be {Object} (https://webpack.js.org/configuration/dev-server/#devserverdev-)",
-      "disableHostCheck": "should be {Boolean} (https://webpack.js.org/configuration/dev-server/#devserverdisablehostcheck)",
+      "firewall": "should be {Boolean|Array} (https://webpack.js.org/configuration/dev-server/#devserverfirewall)",
       "headers": "should be {Object} (https://webpack.js.org/configuration/dev-server/#devserverheaders)",
       "historyApiFallback": "should be {Boolean|Object} (https://webpack.js.org/configuration/dev-server/#devserverhistoryapifallback)",
       "host": "should be {String|Null} (https://webpack.js.org/configuration/dev-server/#devserverhost)",

lib/utils/createConfig.js

@@ -24,10 +24,6 @@ function createConfig(config, argv, { port }) {
     options.host = 'localhost';
   }
 
-  if (argv.allowedHosts) {
-    options.allowedHosts = argv.allowedHosts.split(',');
-  }
-
   if (argv.public) {
     options.public = argv.public;
   }
@@ -103,8 +99,16 @@ function createConfig(config, argv, { port }) {
     options.compress = true;
   }
 
-  if (argv.disableHostCheck) {
-    options.disableHostCheck = true;
+  if (argv.firewall === '') {
+    // the user provided --firewall, indicating that they want it enabled
+    options.firewall = true;
+  } else if (argv.firewall === false) {
+    options.firewall = false;
+  } else if (typeof argv.firewall === 'string') {
+    options.firewall = [argv.firewall];
+  } else if (argv.firewall) {
+    // argv.firewall is an array
+    options.firewall = argv.firewall;
   }
 
   if (argv.openPage) {

lib/utils/normalizeOptions.js

@@ -102,6 +102,11 @@ function normalizeOptions(compiler, options) {
   }`;
 
   options.dev = options.dev || {};
+
+  if (typeof options.firewall === 'undefined') {
+    // firewall is enabled by default
+    options.firewall = true;
+  }
 }
 
 module.exports = normalizeOptions;

test/Validation.test.js

@@ -77,10 +77,10 @@ describe('Validation', () => {
       });
     });
 
-    it('should always allow any host if options.disableHostCheck is set', () => {
+    it('should always allow any host if options.firewall is disabled', () => {
       const options = {
         public: 'test.host:80',
-        disableHostCheck: true,
+        firewall: false,
       };
 
       const headers = {
@@ -175,10 +175,10 @@ describe('Validation', () => {
       }
     });
 
-    describe('allowedHosts', () => {
-      it('should allow hosts in allowedHosts', () => {
+    describe('firewall', () => {
+      it('should allow hosts in firewall', () => {
         const tests = ['test.host', 'test2.host', 'test3.host'];
-        const options = { allowedHosts: tests };
+        const options = { firewall: tests };
         server = new Server(compiler, options);
         tests.forEach((test) => {
           const headers = { host: test };
@@ -188,8 +188,8 @@ describe('Validation', () => {
         });
       });
 
-      it('should allow hosts that pass a wildcard in allowedHosts', () => {
-        const options = { allowedHosts: ['.example.com'] };
+      it('should allow hosts that pass a wildcard in firewall', () => {
+        const options = { firewall: ['.example.com'] };
         server = new Server(compiler, options);
         const tests = [
           'www.example.com',

test/__snapshots__/Validation.test.js.snap

@@ -39,5 +39,5 @@ exports[`Validation validation should fail validation for invalid \`static\` con
 exports[`Validation validation should fail validation for no additional properties 1`] = `
 "Invalid configuration object. Object has been initialized using a configuration object that does not match the API schema.
  - configuration has an unknown property 'additional'. These properties are valid:
-   object { allowedHosts?, bonjour?, client?, compress?, dev?, disableHostCheck?, headers?, historyApiFallback?, host?, hot?, http2?, https?, injectClient?, injectHot?, liveReload?, onAfterSetupMiddleware?, onBeforeSetupMiddleware?, onListening?, open?, openPage?, overlay?, port?, profile?, progress?, proxy?, public?, static?, transportMode?, useLocalIp? }"
+   object { bonjour?, client?, compress?, dev?, firewall?, headers?, historyApiFallback?, host?, hot?, http2?, https?, injectClient?, injectHot?, liveReload?, onAfterSetupMiddleware?, onBeforeSetupMiddleware?, onListening?, open?, openPage?, overlay?, port?, profile?, progress?, proxy?, public?, static?, transportMode?, useLocalIp? }"
 `;

test/e2e/ClientOptions.test.js

@@ -30,7 +30,7 @@ describe('sockjs client proxy', () => {
       compress: true,
       port: port1,
       host: '0.0.0.0',
-      disableHostCheck: true,
+      firewall: false,
       hot: true,
     };
     testServer.startAwaitingCompilation(config, options, done);
@@ -102,7 +102,7 @@ describe('ws client proxy', () => {
       compress: true,
       port: port1,
       host: '0.0.0.0',
-      disableHostCheck: true,
+      firewall: false,
       hot: true,
       public: 'myhost',
     };

test/fixtures/schema/webpack.config.no-dev-stats.js

@@ -17,7 +17,7 @@ module.exports = {
     https: '_https',
     historyApiFallback: '_historyApiFallback',
     compress: '_compress',
-    disableHostCheck: '_disableHostCheck',
+    firewall: '_firewall',
     open: '_open',
     openPage: '_openPage',
     useLocalIp: '_useLocalIp',

test/options.test.js

@@ -126,10 +126,6 @@ describe('options', () => {
         success: [() => {}],
         failure: [false],
       },
-      allowedHosts: {
-        success: [[], ['']],
-        failure: [[false], false],
-      },
       bonjour: {
         success: [false],
         failure: [''],
@@ -245,9 +241,9 @@ describe('options', () => {
         ],
         failure: [''],
       },
-      disableHostCheck: {
-        success: [true],
-        failure: [''],
+      firewall: {
+        success: [true, false, ['']],
+        failure: ['', []],
       },
       headers: {
         success: [{}],

test/server/utils/__snapshots__/createConfig.test.js.snap

@@ -1,31 +1,5 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`createConfig allowedHosts option (devServer config) 1`] = `
-Object {
-  "allowedHosts": Array [
-    ".host.com",
-    "host2.com",
-  ],
-  "dev": Object {},
-  "host": "localhost",
-  "hot": true,
-  "port": 8080,
-}
-`;
-
-exports[`createConfig allowedHosts option 1`] = `
-Object {
-  "allowedHosts": Array [
-    ".host.com",
-    "host2.com",
-  ],
-  "dev": Object {},
-  "host": "localhost",
-  "hot": true,
-  "port": 8080,
-}
-`;
-
 exports[`createConfig bonjour option (devServer config) 1`] = `
 Object {
   "bonjour": true,
@@ -102,20 +76,66 @@ Object {
 }
 `;
 
-exports[`createConfig disableHostCheck option (in devServer config) 1`] = `
+exports[`createConfig firewall option (boolean false) 1`] = `
+Object {
+  "dev": Object {},
+  "firewall": false,
+  "host": "localhost",
+  "hot": true,
+  "port": 8080,
+}
+`;
+
+exports[`createConfig firewall option (boolean in devServer config) 1`] = `
 Object {
   "dev": Object {},
-  "disableHostCheck": true,
+  "firewall": true,
   "host": "localhost",
   "hot": true,
   "port": 8080,
 }
 `;
 
-exports[`createConfig disableHostCheck option 1`] = `
+exports[`createConfig firewall option (boolean true) 1`] = `
 Object {
   "dev": Object {},
-  "disableHostCheck": true,
+  "firewall": true,
+  "host": "localhost",
+  "hot": true,
+  "port": 8080,
+}
+`;
+
+exports[`createConfig firewall option (empty string) 1`] = `
+Object {
+  "dev": Object {},
+  "firewall": true,
+  "host": "localhost",
+  "hot": true,
+  "port": 8080,
+}
+`;
+
+exports[`createConfig firewall option (string array in devServer config) 1`] = `
+Object {
+  "dev": Object {},
+  "firewall": Array [
+    ".host.com",
+    "host2.com",
+  ],
+  "host": "localhost",
+  "hot": true,
+  "port": 8080,
+}
+`;
+
+exports[`createConfig firewall option (string array) 1`] = `
+Object {
+  "dev": Object {},
+  "firewall": Array [
+    ".host.com",
+    "host2.com",
+  ],
   "host": "localhost",
   "hot": true,
   "port": 8080,