diff options
| author | yan <yan@mit.edu> | 2018-01-12 10:39:56 +0300 |
|---|---|---|
| committer | yan <yan@mit.edu> | 2018-01-12 10:39:56 +0300 |
| commit | eea73a38ed8552c6a99cdd0dea5c9619dc955a21 (patch) | |
| tree | 1990ef5645d4884a9c73c927f1b8df83a9a57293 /docs | |
| parent | a7f8f71597621bccbe0630771cd4bbf3c398f171 (diff) | |
Add hostname option to mitigate DNS rebinding
This adds the `hostname` opt to allow the server to validate the `Host` header of incoming requests to prevent DNS rebinding attacks. Needed for https://github.com/brave/browser-laptop/issues/12616.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/api.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/docs/api.md b/docs/api.md index d1c0a87..013babd 100644 --- a/docs/api.md +++ b/docs/api.md @@ -327,6 +327,7 @@ Returns an `http.Server` instance (got from calling `http.createServer`). If ```js { origin: String // Allow requests from specific origin. `false` for same-origin. [default: '*'] + hostname: String // If specified, only allow requests whose `Host` header matches this hostname. Note that you should not specify the port since this is automatically determined by the server. Ex: `localhost` [default: `undefined`] } ``` |