Harden relay security and diagnostics #3
Open
AmirrezaFarnamTaheri wants to merge 9 commits into
Keep the one-click x-host relay flow compatible with existing default servers and generated VLESS configs while improving production behavior inside the Edge Function only. Adds hardened target parsing, loop/private-network blocking, expanded hop-by-hop header filtering, upstream timeout handling, automatic CORS preflight/response support, redirect and cookie rewriting, local diagnostics/help routes, root page caching/fallback, relay diagnostic headers, and structured request logs. Validation: node --check netlify/edge-functions/relay.js; mocked handler smoke checks for diagnostics, CORS, SSRF blocking, proxy passthrough, redirect rewriting, cookie rewriting, preserved auth/cookie/range headers; npm run build; git diff --check.
Harden and optimize dynamic relay
Improve resilience and spike efficiency without changing the one-click dynamic x-host behavior. Retries are limited to idempotent methods and retry only transient upstream failures. Duplicate suppression is limited to unauthenticated GET/HEAD requests without cookies or range headers, preserving default server, session, upload, and VLESS generator compatibility. Validation: node --check netlify/edge-functions/relay.js; extended mocked handler smoke checks for diagnostics, CORS, SSRF blocking, proxy passthrough, redirect and cookie rewriting, safe retry recovery, and duplicate GET collapsing; npm run build; git diff --check.
Constrain browser CORS to same-origin requests, filter preflight headers against an explicit allowlist, and avoid credentialed origin reflection for arbitrary sites. Map malformed absolute x-host values to a client-side invalid_x_host 400, add reserved-hostname suffix checks, and use Deno.resolveDns when available to block hostnames resolving to private addresses. Diagnostics now reports whether DNS-backed private-network blocking is active. Validation: node --check netlify/edge-functions/relay.js; review-fix mocked handler smoke checks covering malformed x-host, cross-origin CORS denial, same-origin CORS allow, header filtering, DNS private target blocking, passthrough, retries, and duplicate GET collapsing; npm run build; git diff --check.
Remove unsafe in-flight response collapsing so GET/HEAD responses keep normal streaming semantics and avoid unread clone tee branches. Release transient retry response bodies before retrying, and bound the DNS validation cache with lightweight pruning plus a hard entry cap. Validation: node --check netlify/edge-functions/relay.js; Qodo reliability smoke checks for malformed x-host, CORS restrictions, DNS private target blocking, retry body cancellation, independent duplicate GET streaming, large GET passthrough, DNS cache cap path; npm run build; git diff --check.
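The retry rules from the two commit messages above (retry only idempotent methods, only on transient upstream failures, and release the discarded response body before the next attempt), as an added example that is not code from this pull request. The function name, the set of transient status codes and the attempt count are assumptions; `fetchImpl` is injected so the behaviour can be exercised without a network.

```javascript
// Added example: names, the status list and the attempt count are assumptions.
const IDEMPOTENT = new Set(["GET", "HEAD", "OPTIONS"]);
const TRANSIENT = new Set([502, 503, 504]);

async function fetchWithRetry(url, init, fetchImpl, maxAttempts = 3) {
  const method = (init.method || "GET").toUpperCase();
  // Non-idempotent requests (uploads, form posts) get exactly one attempt.
  const attempts = IDEMPOTENT.has(method) ? maxAttempts : 1;
  let retries = 0;
  for (let i = 1; ; i++) {
    let res;
    try {
      res = await fetchImpl(url, init);
    } catch (err) {
      if (i >= attempts) throw err;      // network error on the last attempt
      retries++;
      continue;
    }
    // Anything that is not a transient status, or the final attempt,
    // goes back to the caller with its body untouched so it can stream.
    if (!TRANSIENT.has(res.status) || i >= attempts) return { res, retries };
    // The response is being discarded: cancel its stream so the upstream
    // connection and buffers are released before the next attempt.
    if (res.body) {
      try { await res.body.cancel(); } catch { /* already closed */ }
    }
    retries++;
  }
}
```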
Address relay review feedback
Expose retry and duplicate-suppression state in diagnostics, and tag denied CORS preflights with x-relay-error for clearer logs and support triage. Validation: node --check netlify/edge-functions/relay.js; final polish mocked smoke checks for diagnostics, CORS denial error code, same-origin preflight, malformed x-host, DNS private target blocking, retry body cancellation, duplicate GET streaming, and large GET passthrough; npm run build; git diff --check.
Expose pass-through cache behavior, absent relay rate limiting, redirect and cookie handling, retry body release, and reserved routes in diagnostics so operators can see which brainstorm features were intentionally adapted or left out for one-click compatibility. Validation: node --check netlify/edge-functions/relay.js; final diagnostics mocked smoke checks for diagnostics fields, CORS restrictions, malformed x-host, DNS private target blocking, retry body cancellation, duplicate GET streaming, and large GET passthrough; npm run build; git diff --check.
Address relay review feedback
Validation: