feat: Broaden middleware's internal URL correction to include hosts like klz-app and localhost, and update Varnish's health check URL to /health.

2026-02-06 13:23:26 +01:00
parent b74f6b6f9e
commit ebe67afd73
2 changed files with 19 additions and 13 deletions


@@ -19,25 +19,31 @@ export default function middleware(request: NextRequest) {
headerObj[key] = value;
});
// Defensive URL correction
// If the URL contains 0.0.0.0 (internal IP), we rebuild it using the Host header
// Defensive URL correction for internal container leakage (0.0.0.0, klz-app, localhost)
// This prevents hydration mismatches and host poisoning in generated links/metadata.
const urlObj = new URL(url);
const internalHosts = ['0.0.0.0', 'klz-app', 'localhost', '127.0.0.1'];
let effectiveRequest = request;
if (url.includes('0.0.0.0')) {
if (internalHosts.includes(urlObj.hostname)) {
const proto = headers.get('x-forwarded-proto') || 'https';
const host = headers.get('x-forwarded-host') || headers.get('host') || 'testing.klz-cables.com';
const newUrl = new URL(url);
newUrl.protocol = proto;
// Split host to remove port if present
const [hostname] = host.split(':');
newUrl.hostname = hostname;
newUrl.port = ''; // Explicitly clear the port to avoid leaking :3000
effectiveRequest = new NextRequest(newUrl, {
// Prioritize x-forwarded-host (passed by Traefik) over the local Host header
const hostHeader =
headers.get('x-forwarded-host') || headers.get('host') || 'testing.klz-cables.com';
const [publicHostname] = hostHeader.split(':');
urlObj.protocol = proto;
urlObj.hostname = publicHostname;
urlObj.port = ''; // Explicitly clear internal port (3000)
effectiveRequest = new NextRequest(urlObj, {
headers: request.headers,
method: request.method,
body: request.body,
});
console.log(
`Replaced 0.0.0.0 URL with: ${newUrl.toString()} | Original Host: ${headers.get('host')} | Forwarded Host: ${headers.get('x-forwarded-host')}`,
`🛡️ Middleware: Fixed internal URL leak: ${url} -> ${urlObj.toString()} | Proto: ${proto} | Host: ${hostHeader}`,
);
}
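Review bot: The hostname rebuilt on the new `hostHeader` / `publicHostname` lines comes from `x-forwarded-host` or `host` with no validation, so the comment's claim that this prevents host poisoning only holds if every route to the app passes through a proxy that overwrites those headers. If a client-supplied value can reach this code, it ends up in generated links and metadata, and with Varnish in front (the second file of this commit) such a response could presumably be cached for other visitors. Consider checking the candidate against a fixed list of public hostnames and falling back to the default otherwise, e.g. `const publicHostname = PUBLIC_HOSTS.includes(candidate) ? candidate : 'testing.klz-cables.com';`, where `PUBLIC_HOSTS` is a new constant you would define. `hostHeader.split(':')` also mishandles a comma-separated `x-forwarded-host` list and bracketed IPv6 literals, and the `console.log` line writes the raw header value and the full URL, query string included, into the logs. The body of `middleware` starts and ends outside this hunk.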


@@ -3,7 +3,7 @@ vcl 4.1;
import std;
probe default_probe {
.url = "/en";
.url = "/health";
.timeout = 2s;
.interval = 5s;
.window = 5;