From 0f22eaa2b14cd477e3f1c26069627ffa38029092 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Requena=20L=C3=B3pez?= <crequena@ulb.ac.be>
Date: Tue, 8 Jan 2019 22:12:02 +0100
Subject: [PATCH] adapt tests fix #1618

---
 lib/Server.js           |  3 ++-
 test/Validation.test.js | 37 +++++++++++++++++--------------------
 2 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/lib/Server.js b/lib/Server.js
index 6542337c8d..7fa373d0fe 100644
--- a/lib/Server.js
+++ b/lib/Server.js
@@ -672,8 +672,9 @@ Server.prototype.checkHost = function (headers, headerToCheck) {
     false,
     true
   ).hostname;
+
   // always allow localhost host, for convience
-  if (hostname === 'localhost') {
+  if (hostname === 'localhost' || hostname === '127.0.0.1') {
     return true;
   }
   // allow if hostname is in allowedHosts
diff --git a/test/Validation.test.js b/test/Validation.test.js
index 8dc0f98cb6..877579bcb0 100644
--- a/test/Validation.test.js
+++ b/test/Validation.test.js
@@ -132,10 +132,17 @@ describe('Validation', () => {
       }
     });
 
-    it('should allow access for every requests using an IP', () => {
-      const options = {};
+    it('should not allow access for IPs or hostnames that are not in options.public or allowedHosts and viceversa', () => {
+      const options = {
+        public: 'pointerpointer.com',
+        allowedHosts: ['realdevdomain.dev']
+      };
 
       const tests = [
+        'realdevdomain.dev',
+        'test.hostname:80',
+        'google.com',
+        'pointerpointer.com',
         '192.168.1.123',
         '192.168.1.2:8080',
         '[::1]',
@@ -149,28 +156,18 @@ describe('Validation', () => {
       tests.forEach((test) => {
         const headers = { host: test };
 
-        if (!server.checkHost(headers)) {
-          throw new Error("Validation didn't pass");
+        const isPublicHostname = test === options.public;
+        const isInAllowedHosts = options.allowedHosts.includes(test);
+        if (server.checkHost(headers)) {
+          if (!isPublicHostname && !isInAllowedHosts)
+            throw new Error("Validation didn't fail. It should");
+        } else {
+          if (isPublicHostname || isInAllowedHosts)
+            throw new Error("Validation failed and it shouldn't");
         }
       });
     });
 
-    it("should not allow hostnames that don't match options.public", () => {
-      const options = {
-        public: 'test.host:80'
-      };
-
-      const headers = {
-        host: 'test.hostname:80'
-      };
-
-      const server = new Server(compiler, options);
-
-      if (server.checkHost(headers)) {
-        throw new Error("Validation didn't fail");
-      }
-    });
-
     it('should allow urls with scheme for checking origin', () => {
       const options = {
         public: 'test.host:80'