Hello,
I am using Express.js in a web app. During development I want to include one thing. In production, I want to do another. For this reason, I need to identify whether a request was made locally or remotely. Essentially, I want to have:
var isLocalRequest = // something;
How do you do this with Express?
The easier way is to set an environment variable for what environment you're in (production or development). The usual one is process.env.NODE_ENV, then do a check like
if (process.env.NODE_ENV === 'development') {
  // do dev stuff
}
if (process.env.NODE_ENV === 'production') {
  // do production stuff
}
You also have to run the server like this: NODE_ENV="development" node server.js. The other option is to check the IP address (https://stackoverflow.com/questions/10849687/express-js-how-to-get-remote-client-address) and filter for local addresses (127.0.0.1), but that could be inconsistent (it might not register as 127.0.0.1).
The absolute best way is as @toastynerd describes by simply using configuration to configure your app differently based on its environment. Doing anything dynamically can lead to security issues in the long run. Otherwise, as long as you don't have a proxy on the same machine, checking req.connection.remoteAddress for 127.0.0.1 or ::ffff:127.0.0.1 or ::1 will let you know if the raw socket is from your localhost (the raw socket address cannot be spoofed).
Therefore I use this
var isThisLocalhost = function (req) {
  var ip = req.connection.remoteAddress;
  var host = req.get('host');
  return ip === "127.0.0.1" || ip === "::ffff:127.0.0.1" || ip === "::1" || host.indexOf("localhost") !== -1;
};
@jfoclpf seems like anyone can send a Host: localhost-header and trick your implementation?
Yes. But I don't have security issues at stake. I just use localhost for testing. No one would have interest or gain in doing that in my site.
On 2 Jan 2018 12:40 p.m., "Linus Unnebäck" notifications@github.com wrote:
@jfoclpf seems like anyone can send a Host: localhost and trick your implementation?
For simple cases, this would be enough:
var isLocal = (req.connection.localAddress === req.connection.remoteAddress);
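The points raised in this thread combined, as an added example that is not code from any participant or from Express: classify a request by its socket peer address only, next to a variant that also trusts the Host header as discussed above. The helper names, fakeReq and all sample addresses are constructed for illustration.

```javascript
// Added example, not code from the thread. fakeReq and all addresses are constructed.

// Returns the four octets of a dotted-quad IPv4 string, or null if it is not one.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// True for ::1, all of 127.0.0.0/8, and the IPv4-mapped form seen on dual-stack sockets.
function isLoopbackAddress(addr) {
  if (typeof addr !== 'string') return false; // remoteAddress is undefined on a destroyed socket
  const a = addr.toLowerCase();
  if (a === '::1') return true;
  const v4 = parseIPv4(a.startsWith('::ffff:') ? a.slice(7) : a);
  return v4 !== null && v4[0] === 127;
}

// Socket peer address only: Host and X-Forwarded-For are chosen by the client.
function isLocalRequest(req) {
  const socket = req.socket || req.connection; // req.connection is the older name for req.socket
  return Boolean(socket) && isLoopbackAddress(socket.remoteAddress);
}

// Same socket check plus the Host test from the thread, kept for comparison.
function isLocalRequestTrustingHost(req) {
  const host = req.get('host') || '';
  return isLoopbackAddress(req.socket.remoteAddress) || host.indexOf('localhost') !== -1;
}

// Constructed stand-in for an Express request (only the fields used above).
const fakeReq = (remoteAddress, headers) => ({
  socket: { remoteAddress },
  get: (name) => headers[name.toLowerCase()],
});

// Returns [socketOnly, trustingHost] for each constructed request.
function demo() {
  const samples = [
    fakeReq('127.0.0.1', { host: 'localhost:3000' }),
    fakeReq('::ffff:127.0.0.1', { host: 'localhost:3000' }),
    fakeReq('::1', { host: '[::1]:3000' }),
    fakeReq('203.0.113.7', { host: 'localhost' }), // remote peer, Host says localhost
    fakeReq('203.0.113.7', { host: 'app.example', 'x-forwarded-for': '127.0.0.1' }),
    fakeReq(undefined, { host: 'localhost' }), // socket already destroyed
  ];
  return samples.map((r) => [isLocalRequest(r), isLocalRequestTrustingHost(r)]);
}
```

As noted earlier in the thread, with a reverse proxy on the same machine every request reaches Express from a loopback peer, so the socket check then returns true for all traffic and environment configuration is the reliable switch.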