fix: followup of #4985, allow same-site ws requests of any domain

vuejs · Feb 4, 2020 · a903d65 · a903d65
1 parent 773f8a4
commit a903d65
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/packages/@vue/cli/lib/ui.js b/packages/@vue/cli/lib/ui.js
@@ -2,6 +2,17 @@ const { log, error, openBrowser } = require('@vue/cli-shared-utils')
 const { portfinder, server } = require('@vue/cli-ui/server')
 const shortid = require('shortid')
 
+function simpleCorsValidation (allowedHost) {
+  return function (req, socket) {
+    const { host, origin } = req.headers
+    const hostRegExp = new RegExp(`${host}|${allowedHost}|localhost`)
+
+    if (!origin || !hostRegExp.test(origin)) {
+      socket.destroy()
+    }
+  }
+}
+
 async function ui (options = {}, context = process.cwd()) {
   const host = options.host || 'localhost'
 
@@ -69,12 +80,7 @@ async function ui (options = {}, context = process.cwd()) {
     }
   })
 
-  httpServer.on('upgrade', (req, socket) => {
-    const { origin } = req.headers
-    if (!origin || !(new RegExp(host)).test(origin)) {
-      socket.destroy()
-    }
-  })
+  httpServer.on('upgrade', simpleCorsValidation(host))
 }
 
 module.exports = (...args) => {