withastro/astro

Prevent cache poisoning in x-forwarded headers

#14743 (Merged)
Comparing xforwardedstuff (5273707) with main (91780cf)
CodSpeed Performance Gauge: +1%
Untouched: 6

Benchmarks

Passed

Rendering: streaming [false], .astro file
benchmark/bench/codspeed.bench.js::Bench rendering
+3% (918.5 ms, 890.9 ms)

Rendering: streaming [true], .mdx file
benchmark/bench/codspeed.bench.js::Bench rendering
0% (720.1 ms, 719.1 ms)

Rendering: streaming [true], .astro file
benchmark/bench/codspeed.bench.js::Bench rendering
0% (934.2 ms, 934 ms)

Rendering: streaming [true], .md file
benchmark/bench/codspeed.bench.js::Bench rendering
0% (12.8 ms, 12.8 ms)

Rendering: streaming [false], .md file
benchmark/bench/codspeed.bench.js::Bench rendering
0% (12.8 ms, 12.8 ms)

Rendering: streaming [false], .mdx file
benchmark/bench/codspeed.bench.js::Bench rendering
0% (716.5 ms, 716.7 ms)

Commits

Base: main (91780cf)
+0.51%
changeset and build
bc22e2d
2 days ago
by matthewp
+0.03%
fix: validate X-Forwarded headers with port pattern matching
Fixes protocol validation to accept http/https when allowedDomains exist but lack protocol patterns. Restructures port/host validation to validate port first, then include it when validating host against patterns. Properly extracts hostname without port to avoid duplication when combining with X-Forwarded-Port.
7f9fa63
2 days ago
by matthewp
0%
Update .changeset/secure-headers.md
Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
5273707
2 days ago
by matthewp