webpack-dev-server 3.1.10 → 3.1.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +45 -0
- package/bin/options.js +3 -1
- package/lib/Server.js +36 -8
- package/package.json +4 -2
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,51 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
+
<a name="3.1.14"></a>
|
|
6
|
+
## [3.1.14](https://github.com/webpack/webpack-dev-server/compare/v3.1.13...v3.1.14) (2018-12-24)
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
### Bug Fixes
|
|
10
|
+
|
|
11
|
+
* add workaround for Origin header in sockjs ([#1608](https://github.com/webpack/webpack-dev-server/issues/1608)) ([1dfd4fb](https://github.com/webpack/webpack-dev-server/commit/1dfd4fb))
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
<a name="3.1.13"></a>
|
|
16
|
+
## [3.1.13](https://github.com/webpack/webpack-dev-server/compare/v3.1.12...v3.1.13) (2018-12-22)
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
### Bug Fixes
|
|
20
|
+
|
|
21
|
+
* delete a comma for Node.js <= v7.x ([#1609](https://github.com/webpack/webpack-dev-server/issues/1609)) ([0bab1c0](https://github.com/webpack/webpack-dev-server/commit/0bab1c0))
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
<a name="3.1.12"></a>
|
|
26
|
+
## [3.1.12](https://github.com/webpack/webpack-dev-server/compare/v3.1.11...v3.1.12) (2018-12-22)
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
### Bug Fixes
|
|
30
|
+
|
|
31
|
+
* regression in `checkHost` for checking Origin header ([#1606](https://github.com/webpack/webpack-dev-server/issues/1606)) ([8bb3ca8](https://github.com/webpack/webpack-dev-server/commit/8bb3ca8))
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
<a name="3.1.11"></a>
|
|
36
|
+
## [3.1.11](https://github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.11) (2018-12-21)
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
### Bug Fixes
|
|
40
|
+
|
|
41
|
+
* **bin/options:** correct check for color support (`options.color`) ([#1555](https://github.com/webpack/webpack-dev-server/issues/1555)) ([55398b5](https://github.com/webpack/webpack-dev-server/commit/55398b5))
|
|
42
|
+
* **package:** update `spdy` v3.4.1...4.0.0 (assertion error) ([#1491](https://github.com/webpack/webpack-dev-server/issues/1491)) ([#1563](https://github.com/webpack/webpack-dev-server/issues/1563)) ([7a3a257](https://github.com/webpack/webpack-dev-server/commit/7a3a257))
|
|
43
|
+
* **Server:** correct `node` version checks ([#1543](https://github.com/webpack/webpack-dev-server/issues/1543)) ([927a2b3](https://github.com/webpack/webpack-dev-server/commit/927a2b3))
|
|
44
|
+
* **Server:** mime type for wasm in contentBase directory ([#1575](https://github.com/webpack/webpack-dev-server/issues/1575)) ([#1580](https://github.com/webpack/webpack-dev-server/issues/1580)) ([fadae5d](https://github.com/webpack/webpack-dev-server/commit/fadae5d))
|
|
45
|
+
* add url for compatibility with webpack@5 ([#1598](https://github.com/webpack/webpack-dev-server/issues/1598)) ([#1599](https://github.com/webpack/webpack-dev-server/issues/1599)) ([68dd49a](https://github.com/webpack/webpack-dev-server/commit/68dd49a))
|
|
46
|
+
* check origin header for websocket connection ([#1603](https://github.com/webpack/webpack-dev-server/issues/1603)) ([b3217ca](https://github.com/webpack/webpack-dev-server/commit/b3217ca))
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
|
|
5
50
|
<a name="3.1.10"></a>
|
|
6
51
|
## [3.1.10](https://github.com/webpack/webpack-dev-server/compare/v3.1.9...v3.1.10) (2018-10-23)
|
|
7
52
|
|
package/bin/options.js
CHANGED
|
@@ -57,7 +57,9 @@ const options = {
|
|
|
57
57
|
type: 'boolean',
|
|
58
58
|
alias: 'colors',
|
|
59
59
|
default: function supportsColor() {
|
|
60
|
-
|
|
60
|
+
// Use `require('supports-color').stdout` for supports-color >= 5.0.0.
|
|
61
|
+
// See https://github.com/webpack/webpack-dev-server/pull/1555.
|
|
62
|
+
return require('supports-color').stdout;
|
|
61
63
|
},
|
|
62
64
|
group: DISPLAY_GROUP,
|
|
63
65
|
describe: 'Enables/Disables colors on the console'
|
package/lib/Server.js
CHANGED
|
@@ -20,6 +20,8 @@ const https = require('https');
|
|
|
20
20
|
const spdy = require('spdy');
|
|
21
21
|
const sockjs = require('sockjs');
|
|
22
22
|
|
|
23
|
+
const semver = require('semver');
|
|
24
|
+
|
|
23
25
|
const killable = require('killable');
|
|
24
26
|
|
|
25
27
|
const del = require('del');
|
|
@@ -41,13 +43,28 @@ const createCertificate = require('./utils/createCertificate');
|
|
|
41
43
|
const validateOptions = require('schema-utils');
|
|
42
44
|
const schema = require('./options.json');
|
|
43
45
|
|
|
46
|
+
// Workaround for sockjs@~0.3.19
|
|
47
|
+
// sockjs will remove Origin header, however Origin header is required for checking host.
|
|
48
|
+
// See https://github.com/webpack/webpack-dev-server/issues/1604 for more information
|
|
49
|
+
{
|
|
50
|
+
// eslint-disable-next-line global-require
|
|
51
|
+
const SockjsSession = require('sockjs/lib/transport').Session;
|
|
52
|
+
const decorateConnection = SockjsSession.prototype.decorateConnection;
|
|
53
|
+
SockjsSession.prototype.decorateConnection = function(req) {
|
|
54
|
+
decorateConnection.call(this, req);
|
|
55
|
+
const connection = this.connection;
|
|
56
|
+
if (connection.headers && !('origin' in connection.headers) && 'origin' in req.headers) {
|
|
57
|
+
connection.headers.origin = req.headers.origin;
|
|
58
|
+
}
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
|
|
44
62
|
// Workaround for node ^8.6.0, ^9.0.0
|
|
45
63
|
// DEFAULT_ECDH_CURVE is default to prime256v1 in these version
|
|
46
64
|
// breaking connection when certificate is not signed with prime256v1
|
|
47
65
|
// change it to auto allows OpenSSL to select the curve automatically
|
|
48
66
|
// See https://github.com/nodejs/node/issues/16196 for more infomation
|
|
49
|
-
|
|
50
|
-
if (version >= 8.6 && version < 10) {
|
|
67
|
+
if (semver.satisfies(process.version, '8.6.0 - 9')) {
|
|
51
68
|
tls.DEFAULT_ECDH_CURVE = 'auto';
|
|
52
69
|
}
|
|
53
70
|
|
|
@@ -131,6 +148,10 @@ function Server (compiler, options = {}, _log) {
|
|
|
131
148
|
// eslint-disable-next-line
|
|
132
149
|
const app = this.app = new express();
|
|
133
150
|
|
|
151
|
+
// ref: https://github.com/webpack/webpack-dev-server/issues/1575
|
|
152
|
+
// remove this when send@^0.16.3
|
|
153
|
+
express.static.mime.types.wasm = 'application/wasm';
|
|
154
|
+
|
|
134
155
|
app.all('*', (req, res, next) => {
|
|
135
156
|
if (this.checkHost(req.headers)) {
|
|
136
157
|
return next();
|
|
@@ -592,7 +613,7 @@ function Server (compiler, options = {}, _log) {
|
|
|
592
613
|
// - https://github.com/nodejs/node/issues/21665
|
|
593
614
|
// - https://github.com/webpack/webpack-dev-server/issues/1449
|
|
594
615
|
// - https://github.com/expressjs/express/issues/3388
|
|
595
|
-
if (version
|
|
616
|
+
if (semver.gte(process.version, '10.0.0')) {
|
|
596
617
|
this.listeningApp = https.createServer(options.https, app);
|
|
597
618
|
} else {
|
|
598
619
|
this.listeningApp = spdy.createServer(options.https, app);
|
|
@@ -625,21 +646,28 @@ Server.prototype.setContentHeaders = function (req, res, next) {
|
|
|
625
646
|
next();
|
|
626
647
|
};
|
|
627
648
|
|
|
628
|
-
Server.prototype.checkHost = function (headers) {
|
|
649
|
+
Server.prototype.checkHost = function (headers, headerToCheck) {
|
|
629
650
|
// allow user to opt-out this security check, at own risk
|
|
630
651
|
if (this.disableHostCheck) {
|
|
631
652
|
return true;
|
|
632
653
|
}
|
|
654
|
+
|
|
655
|
+
if (!headerToCheck) headerToCheck = 'host';
|
|
633
656
|
// get the Host header and extract hostname
|
|
634
657
|
// we don't care about port not matching
|
|
635
|
-
const hostHeader = headers
|
|
658
|
+
const hostHeader = headers[headerToCheck];
|
|
636
659
|
|
|
637
660
|
if (!hostHeader) {
|
|
638
661
|
return false;
|
|
639
662
|
}
|
|
640
663
|
|
|
641
664
|
// use the node url-parser to retrieve the hostname from the host-header.
|
|
642
|
-
const hostname = url.parse(
|
|
665
|
+
const hostname = url.parse(
|
|
666
|
+
// if hostHeader doesn't have scheme, add // for parsing.
|
|
667
|
+
/^(.+:)?\/\//.test(hostHeader) ? hostHeader : `//${hostHeader}`,
|
|
668
|
+
false,
|
|
669
|
+
true
|
|
670
|
+
).hostname;
|
|
643
671
|
// always allow requests with explicit IPv4 or IPv6-address.
|
|
644
672
|
// A note on IPv6 addresses:
|
|
645
673
|
// hostHeader will always contain the brackets denoting
|
|
@@ -720,8 +748,8 @@ Server.prototype.listen = function (port, hostname, fn) {
|
|
|
720
748
|
return;
|
|
721
749
|
}
|
|
722
750
|
|
|
723
|
-
if (!this.checkHost(connection.headers)) {
|
|
724
|
-
this.sockWrite([ connection ], 'error', 'Invalid Host header');
|
|
751
|
+
if (!this.checkHost(connection.headers) || !this.checkHost(connection.headers, 'origin')) {
|
|
752
|
+
this.sockWrite([ connection ], 'error', 'Invalid Host/Origin header');
|
|
725
753
|
|
|
726
754
|
connection.close();
|
|
727
755
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "webpack-dev-server",
|
|
3
|
-
"version": "3.1.
|
|
3
|
+
"version": "3.1.14",
|
|
4
4
|
"description": "Serves a webpack app. Updates the browser on changes.",
|
|
5
5
|
"bin": "bin/webpack-dev-server.js",
|
|
6
6
|
"main": "lib/Server.js",
|
|
@@ -44,12 +44,14 @@
|
|
|
44
44
|
"portfinder": "^1.0.9",
|
|
45
45
|
"schema-utils": "^1.0.0",
|
|
46
46
|
"selfsigned": "^1.9.1",
|
|
47
|
+
"semver": "^5.6.0",
|
|
47
48
|
"serve-index": "^1.7.2",
|
|
48
49
|
"sockjs": "0.3.19",
|
|
49
50
|
"sockjs-client": "1.3.0",
|
|
50
|
-
"spdy": "^
|
|
51
|
+
"spdy": "^4.0.0",
|
|
51
52
|
"strip-ansi": "^3.0.0",
|
|
52
53
|
"supports-color": "^5.1.0",
|
|
54
|
+
"url": "^0.11.0",
|
|
53
55
|
"webpack-dev-middleware": "3.4.0",
|
|
54
56
|
"webpack-log": "^2.0.0",
|
|
55
57
|
"yargs": "12.0.2"
|