fix: harden local API and debug logging privacy #512
- clarify local API privacy wording
- reject invalid Host and Origin headers
- add forbidden response reason phrase
- make DebugLogger respect the disabled logging toggle before persisting or printing logs

Verification:
- swiftc -typecheck Sources/Fluid/Services/LocalAPI/LocalAPIModels.swift
- swiftc -typecheck Sources/Fluid/Services/DebugLogger.swift Sources/Fluid/Services/FileLogger.swift
- static guard checks for Host/Origin/DebugLogger behavior
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5ebe91d64b
| return false | ||
| } | ||
| guard scheme == "http" || scheme == "https" else { return false } | ||
| return host == "localhost" || host == "127.0.0.1" || host == "::1" |
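Review bot: The final `return` line compares `host` by exact string against three literals, so it only matches when `host` arrives already lowercased and without IPv6 brackets. Normalize before comparing (lowercase, strip a surrounding `[` and `]`) and check against a single loopback set shared with the Host header validation, so the Origin and Host allow-lists cannot drift apart. The `guard scheme == "http" || scheme == "https"` line accepts either scheme and the visible lines never look at the port; if any loopback port is intentionally allowed, a short comment saying so would help the next reader.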
Allow bracketed IPv6 loopback origins
When a browser or local client calls the API via IPv6 loopback, e.g. http://[::1]:47733, it sends an origin like http://[::1]:47733; URLComponents.host preserves the brackets for IPv6 literals, while this allow-list only compares against ::1. The router therefore returns 403 for IPv6 loopback requests even though the Host check explicitly accepts [::1], breaking clients that include an Origin header on the IPv6 loopback address.
- bump package manifest tools version to 6.0 so .macOS(.v15) is available
- keep platform target at macOS 15

Verification:
- swift --version
- swift package dump-package
Allow URLComponents' bracketed [::1] host form for local API Origin checks so browser clients using IPv6 loopback are treated consistently with Host header validation.

Verification:
- swift package dump-package
- swift -e URLComponents loopback origin check
Addressed the IPv6 loopback Origin feedback in
Verification run locally:
Friendly workflow nudge: this PR is still waiting at the fork workflow approval gate ( Latest follow-up commit Once the workflow is approved/run, I can follow up quickly on any concrete CI failure.
Summary
Host and Origin headers in the local API request path.

Verification
- swiftc -typecheck Sources/Fluid/Services/LocalAPI/LocalAPIModels.swift
- swiftc -typecheck Sources/Fluid/Services/DebugLogger.swift Sources/Fluid/Services/FileLogger.swift

Notes