Disable host validation when binding on 0.0.0.0

Fixes #2056
AsamK 2026-06-11 11:43:49 +02:00
parent b3c1b6a4f6
commit 9f0676d563


@ -73,7 +73,13 @@ public class HttpServerHandler implements AutoCloseable {
server.start();
logger.info("Started HTTP server on {}", address);
logger.warn("HTTP server has no authentication; Host header is pinned to {}", allowedHosts);
// If we're listening on any local address (0.0.0.0 or ::), skip Host header validation
final var addr = address == null ? null : address.getAddress();
if (addr != null && addr.isAnyLocalAddress()) {
logger.warn("HTTP server has no authentication; Host header validation DISABLED because listening on {}", address);
} else {
logger.warn("HTTP server has no authentication; Host header is pinned to {}", allowedHosts);
}
}
@Override
@ -306,6 +312,18 @@ public class HttpServerHandler implements AutoCloseable {
}
private boolean isHostAllowed(final HttpExchange httpExchange) {
// If the server is bound to any local address (0.0.0.0 or ::), skip host header validation
if (address != null) {
final var addr = address.getAddress();
if (addr != null && addr.isAnyLocalAddress()) {
return true;
}
final var hostStr = address.getHostString();
if ("0.0.0.0".equals(hostStr) || "::".equals(hostStr)) {
return true;
}
}
final var hostHeader = httpExchange.getRequestHeaders().getFirst("Host");
if (hostHeader == null || hostHeader.isEmpty()) {
return false;
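Review bot: The early `return true` in isHostAllowed for a wildcard bind removes the Host-header pin, which is the DNS-rebinding defence on a server that the startup log in the first hunk itself describes as having no authentication. Binding to 0.0.0.0 or :: changes which Host values are legitimate, not whether the check is needed. Consider keeping the check in that case: still reject names outside `allowedHosts`, and additionally accept only IP-literal Host values, since rebinding depends on an attacker-controlled DNS name. If the bypass stays, state the consequence at the branch, e.g. `// Wildcard bind: Host pinning (DNS-rebinding defence) is off; every Host value is accepted`, and document that such a deployment needs a network-level restriction or an authenticating proxy in front. isHostAllowed's body continues past the end of the hunk, so the rest of the validation is not visible here.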