5 Commits

Author SHA1 Message Date
Rafael Oleza
8a21abcd6b Prevent cross origin requests to development server
Summary:
This diff adds a middleware to the RN development server to prevent processing requests coming from a third-party website.

The way we choose to do it is to block any request that has an origin header and it's different than localhost. This will still allow simulators to work properly while blocking potential external websites to do malign CORS requests.

This is just a first quick measure to block a potential attack vector while we implement full authentication in the RN development server

Reviewed By: mjesun

Differential Revision: D9238674

fbshipit-source-id: b7bdc40dabc2f4d92f5ac84515f93b89efa4e833
2018-08-22 12:31:19 -07:00
Janic Duplessis
f05943de0a Fix local-cli assetRegistryPath and middlewares (#20162)
Summary:
This fixes some regressions with local-cli introduced in c4a66a89a28152cd4b81e2b0f80ab3aac34d6872.

- We didn't pass `assetRegistryPath` which caused the following error when loading the bundle:
```
error: bundling failed: Error: Unable to resolve module `missing-asset-registry-path` from `/Users/janic/Developer/react-native/RNTester/js/uie_thumb_normal@2x.png`: Module `missing-asset-registry-path` does not exist in the Haste module map
```
- The middlewares were not added to the metro server. This causes some packager server features to fail. The one I noticed is that the /status endpoint didn't exist anymore which causes CI to fail and also Android to not load the bundle from the packager initially. The remote debugging feature was also broken.
Pull Request resolved: https://github.com/facebook/react-native/pull/20162

Differential Revision: D8867610

Pulled By: hramos

fbshipit-source-id: 8a08b7f3175692ab6ee73c0a7c25075091ae4792
2018-07-18 15:34:15 -07:00
Alexey Kureev
5067540487 Fix react-native CLI (internal and external one)
Summary:
- Fix wrong debugger-ui path
- Override host and port using args

Reviewed By: yungsters

Differential Revision: D8731159

fbshipit-source-id: ca8ad76a02eda9e0b9cdb1a952aa5631d660868f
2018-07-03 23:48:12 -07:00
Miguel Jimenez Esun
bbc8bb1f9d Do not use morgan internally
Summary: `morgan` produces non-json output, which affects `js1 run` when ran with the `--json` flag.

Reviewed By: Kureev

Differential Revision: D8724830

fbshipit-source-id: 11377f6ef39341c658a7f905383398423a721630
2018-07-03 13:47:08 -07:00
Alexey Kureev
c4a66a89a2 Code clean-ups and createServer migration
Summary:
Scope of the diff:

1. Middleware
`react-native-github/local-cli` and `react-native-internal-cli` uses a very similar set of middlewares (internal cli extends github version), so I decided to move it to a standalone file (middleware manager) in order to remove duplications and increase readability.

2. Types
Seems that after Flow upgrade to version 0.68 there were many type issues to resolve, so all of them were auto-mocked. This is fine, but I'd like to see Flow assists me with `Metro.createServer` -> `Metro.runServer` migration. Hence, I decided to resolve flow mocks, related to runServer.

3. `runServer` signature
In `react-native-github` repo I cleaned up `runServer` signature by removing `startCallback` and `readyCallback` from the function parameters and moved them to `runServer` instead.

4. Replace `createServer` by `runServer`
In `react-native-github` repo, `createServer` has been replaced by `runServer`. __Some of arguments are not mapped__.

Note that this diff will partially break argument mapping. This is intentional. @[100000044482482:ives] will fix it with a new config package.

Reviewed By: mjesun

Differential Revision: D8711717

fbshipit-source-id: a843ab576360ff7242099910d8f25a9cb0a388c0
2018-07-02 09:47:39 -07:00