You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The remix-express/server tries to parse the port number from either the host or the X-Forwarded-Host header remix-express/server.ts#L92. In the case that one of them is an IPv6 address the code incorrectly identifies part of the ip address as port because it splits at colons and IPv6 addresses can contain colons.
### Used Package Manager
npm
### Expected Behavior
The express server does work even if host or `X-Forwarded-Host` header is an IPv6 address.
### Actual Behavior
The express server throws an error because an invalid url is constructed.
The text was updated successfully, but these errors were encountered:
Just a note on IPv6 request formatting in browsers... A correctly formatted Host header with an IPv6 address would have the address in square brackets. e.g. for localhost on port 3000:
Host: [::1]:3000
I would assume a correct X-Forwarded-Host would be the same.
As in a browser doesn't even make a request on this: http://::1:3000. Instead in needs to be formatted like this: http://[::1]:3000/ or http://[0:0:0:0:0:0:0:1]:3000/.
Hey @ngbrown I am not sure how the host header is passed, but it could be possible that it is passed with square brackets. This would still result in the described error, but then it should be possible to extract the port from the header because we know when the IP part ends and the port part starts. I try to get some information how it is passed in the live system.
@a47ae no worries. I had seen that your example still failed with square brackets, but I wanted to call it out so the tests and implementation didn't get written incorrectly.
Reproduction
The remix-express/server tries to parse the port number from either the
host
or theX-Forwarded-Host
header remix-express/server.ts#L92. In the case that one of them is an IPv6 address the code incorrectly identifies part of the ip address as port because it splits at colons and IPv6 addresses can contain colons.I created an example here: https://stackblitz.com/edit/remix-run-remix-edjlfm?file=app%2Froutes%2F_index.tsx
The button fetches the current site but adds a custom
X-Forwarded-Host
header to emulate a server environment. One should see that the request fails and the server logs anInvalid URL
error.We noticed this error with our remix application behind a reverse proxy which does health checks using the internal IPv6 address.
System Info
The text was updated successfully, but these errors were encountered: